diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md index b31724782786..eda637396f1e 100644 --- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md @@ -1,5 +1,5 @@ # Release History -## 1.0.0-beta.1 (2022-01-19) +## 1.0.0 (2022-02-14) The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart). diff --git a/sdk/securityinsight/arm-securityinsight/README.md b/sdk/securityinsight/arm-securityinsight/README.md index 6d7ac3813890..d3d159330907 100644 --- a/sdk/securityinsight/arm-securityinsight/README.md +++ b/sdk/securityinsight/arm-securityinsight/README.md @@ -6,7 +6,7 @@ API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provi [Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight) | [Package (NPM)](https://www.npmjs.com/package/@azure/arm-securityinsight) | -[API reference documentation](https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight?view=azure-node-preview) | +[API reference documentation](https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight) | [Samples](https://github.com/Azure-Samples/azure-samples-js-management) ## Getting started diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 55f48480abfc..3eb6c9f7a466 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json @@ -1,7 +1,7 @@ { - "commit": "1b0a465061c68175898f8f5d27f0301f42ce994c", + "commit": "6431e6ac971583039074f2127d47f371f99bc35e", "readme": "specification/securityinsights/resource-manager/readme.md", - "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\mydev\\azure-sdk-for-js ../azure-rest-api-specs/specification/iotspaces/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220114.1 --generate-sample=true", + "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1", "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", - "use": "@autorest/typescript@6.0.0-alpha.16.20220114.1" -} + "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1" +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/api-extractor.json b/sdk/securityinsight/arm-securityinsight/api-extractor.json index c343bf73e921..ba4f20f727f2 100644 --- a/sdk/securityinsight/arm-securityinsight/api-extractor.json +++ b/sdk/securityinsight/arm-securityinsight/api-extractor.json @@ -1,18 +1,31 @@ { "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json", "mainEntryPointFilePath": "./dist-esm/src/index.d.ts", - "docModel": { "enabled": true }, - "apiReport": { "enabled": true, "reportFolder": "./review" }, + "docModel": { + "enabled": true + }, + "apiReport": { + "enabled": true, + "reportFolder": "./review" + }, "dtsRollup": { "enabled": true, "untrimmedFilePath": "", "publicTrimmedFilePath": "./types/arm-securityinsight.d.ts" }, "messages": { - "tsdocMessageReporting": { "default": { "logLevel": "none" } }, + "tsdocMessageReporting": { + "default": { + "logLevel": "none" + } + }, "extractorMessageReporting": { - "ae-missing-release-tag": { "logLevel": "none" }, - "ae-unresolved-link": { "logLevel": "none" } + "ae-missing-release-tag": { + "logLevel": "none" + }, + "ae-unresolved-link": { + "logLevel": "none" + } } } -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json index 60b9c83bbb72..b2f059eb93dd 100644 --- a/sdk/securityinsight/arm-securityinsight/package.json +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -3,8 +3,10 @@ "sdk-type": "mgmt", "author": "Microsoft Corporation", "description": "A generated SDK for SecurityInsights.", - "version": "1.0.0-beta.1", - "engines": { "node": ">=12.0.0" }, + "version": "1.0.0", + "engines": { + "node": ">=12.0.0" + }, "dependencies": { "@azure/core-paging": "^1.2.0", "@azure/core-client": "^1.0.0", @@ -12,7 +14,13 @@ "@azure/core-rest-pipeline": "^1.1.0", "tslib": "^2.2.0" }, - "keywords": ["node", "azure", "typescript", "browser", "isomorphic"], + "keywords": [ + "node", + "azure", + "typescript", + "browser", + "isomorphic" + ], "license": "MIT", "main": "./dist/index.js", "module": "./dist-esm/src/index.js", @@ -39,7 +47,9 @@ "type": "git", "url": "https://github.com/Azure/azure-sdk-for-js.git" }, - "bugs": { "url": "https://github.com/Azure/azure-sdk-for-js/issues" }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, "files": [ "dist/**/*.js", "dist/**/*.js.map", @@ -86,10 +96,5 @@ "docs": "echo skipped" }, "sideEffects": false, - "//metadata": { - "constantPaths": [ - { "path": "src/SecurityInsights.ts", "prefix": "packageDetails" } - ] - }, "autoPublish": true -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/recordings/node/my_test/recording_sample_test.js b/sdk/securityinsight/arm-securityinsight/recordings/node/my_test/recording_sample_test.js deleted file mode 100644 index 0f6ecb857acf..000000000000 --- a/sdk/securityinsight/arm-securityinsight/recordings/node/my_test/recording_sample_test.js +++ /dev/null @@ -1,5 +0,0 @@ -let nock = require('nock'); - -module.exports.hash = "7a6be38bb8cb644d64b4094802301751"; - -module.exports.testInfo = {"uniqueName":{},"newDate":{}} diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 0c10f5865d27..a51a515a29db 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -8,78 +8,18 @@ import * as coreAuth from '@azure/core-auth'; import * as coreClient from '@azure/core-client'; import { PagedAsyncIterableIterator } from '@azure/core-paging'; -// @public -export type AADCheckRequirements = DataConnectorsCheckRequirements & { - kind: "AzureActiveDirectory"; - tenantId?: string; -}; - -// @public -export type AADCheckRequirementsProperties = DataConnectorTenantId & {}; - // @public export type AADDataConnector = DataConnector & { tenantId?: string; dataTypes?: AlertsDataTypeOfDataConnector; }; -// @public -export type AADDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; - -// @public -export type AatpCheckRequirements = DataConnectorsCheckRequirements & { - kind: "AzureAdvancedThreatProtection"; - tenantId?: string; -}; - -// @public -export type AatpCheckRequirementsProperties = DataConnectorTenantId & {}; - // @public export type AatpDataConnector = DataConnector & { tenantId?: string; dataTypes?: AlertsDataTypeOfDataConnector; }; -// @public -export type AatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; - -// @public -export type AccountEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly aadTenantId?: string; - readonly aadUserId?: string; - readonly accountName?: string; - readonly displayName?: string; - readonly hostEntityId?: string; - readonly isDomainJoined?: boolean; - readonly ntDomain?: string; - readonly objectGuid?: string; - readonly puid?: string; - readonly sid?: string; - readonly upnSuffix?: string; - readonly dnsDomain?: string; -}; - -// @public -export type AccountEntityProperties = EntityCommonProperties & { - readonly aadTenantId?: string; - readonly aadUserId?: string; - readonly accountName?: string; - readonly displayName?: string; - readonly hostEntityId?: string; - readonly isDomainJoined?: boolean; - readonly ntDomain?: string; - readonly objectGuid?: string; - readonly puid?: string; - readonly sid?: string; - readonly upnSuffix?: string; - readonly dnsDomain?: string; -}; - // @public export interface ActionPropertiesBase { logicAppResourceId: string; @@ -97,7 +37,8 @@ export type ActionRequestProperties = ActionPropertiesBase & { }; // @public -export type ActionResponse = ResourceWithEtag & { +export type ActionResponse = Resource & { + etag?: string; logicAppResourceId?: string; workflowId?: string; }; @@ -153,88 +94,6 @@ export interface ActionsListByAlertRuleOptionalParams extends coreClient.Operati // @public export type ActionsListByAlertRuleResponse = ActionsList; -// @public -export type ActivityCustomEntityQuery = CustomEntityQuery & { - title?: string; - content?: string; - description?: string; - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - inputEntityType?: EntityType; - requiredInputFieldsSets?: string[][]; - entitiesFilter?: { - [propertyName: string]: string[]; - }; - templateName?: string; - enabled?: boolean; - readonly createdTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; -}; - -// @public -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - query?: string; -} - -// @public -export type ActivityEntityQuery = EntityQuery & { - title?: string; - content?: string; - description?: string; - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - inputEntityType?: EntityType; - requiredInputFieldsSets?: string[][]; - entitiesFilter?: { - [propertyName: string]: string[]; - }; - templateName?: string; - enabled?: boolean; - readonly createdTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; -}; - -// @public -export type ActivityEntityQueryTemplate = EntityQueryTemplate & { - title?: string; - content?: string; - description?: string; - queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; - dataTypes?: DataTypeDefinitions[]; - inputEntityType?: EntityType; - requiredInputFieldsSets?: string[][]; - entitiesFilter?: { - [propertyName: string]: string[]; - }; -}; - -// @public -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - query?: string; - summarizeBy?: string; -} - -// @public -export type ActivityTimelineItem = EntityTimelineItem & { - kind: "Activity"; - queryId: string; - bucketStartTimeUTC: Date; - bucketEndTimeUTC: Date; - firstActivityTimeUTC: Date; - lastActivityTimeUTC: Date; - content: string; - title: string; -}; - -// @public -export type AlertDetail = string; - -// @public -export interface AlertDetailsOverride { - alertDescriptionFormat?: string; - alertDisplayNameFormat?: string; - alertSeverityColumnName?: string; - alertTacticsColumnName?: string; -} - // @public export type AlertRule = ResourceWithEtag & { kind: AlertRuleKind; @@ -300,17 +159,6 @@ export interface AlertRuleTemplateDataSource { dataTypes?: string[]; } -// @public -export interface AlertRuleTemplatePropertiesBase { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - readonly lastUpdatedDateUTC?: Date; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; -} - // @public export interface AlertRuleTemplates { get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: AlertRuleTemplatesGetOptionalParams): Promise; @@ -345,36 +193,19 @@ export interface AlertRuleTemplatesListOptionalParams extends coreClient.Operati export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; // @public (undocumented) -export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; +export type AlertRuleTemplateUnion = AlertRuleTemplate | FusionAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate; // @public (undocumented) -export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; +export type AlertRuleUnion = AlertRule | FusionAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule; // @public export interface AlertsDataTypeOfDataConnector { - alerts: DataConnectorDataTypeCommon; + alerts?: DataConnectorDataTypeCommon; } // @public export type AlertSeverity = string; -// @public -export type AlertStatus = string; - -// @public -export type Anomalies = Settings & { - readonly isEnabled?: boolean; -}; - -// @public -export type AntispamMailDirection = string; - -// @public -export type ASCCheckRequirements = DataConnectorsCheckRequirements & { - kind: "AzureSecurityCenter"; - subscriptionId?: string; -}; - // @public export type ASCDataConnector = DataConnector & { dataTypes?: AlertsDataTypeOfDataConnector; @@ -390,4618 +221,864 @@ export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { export type AttackTactic = string; // @public -export type AutomationRule = ResourceWithEtag & { - displayName?: string; - order?: number; - triggeringLogic?: AutomationRuleTriggeringLogic; - actions?: AutomationRuleActionUnion[]; - readonly createdTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; - readonly createdBy?: ClientInfo; - readonly lastModifiedBy?: ClientInfo; +export type AwsCloudTrailDataConnector = DataConnector & { + awsRoleArn?: string; + dataTypes?: AwsCloudTrailDataConnectorDataTypes; }; // @public -export interface AutomationRuleAction { - actionType: "RunPlaybook" | "ModifyProperties"; - order: number; -} - -// @public -export type AutomationRuleActionType = string; - -// @public (undocumented) -export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleRunPlaybookAction | AutomationRuleModifyPropertiesAction; - -// @public -export interface AutomationRuleCondition { - conditionType: "Property"; +export interface AwsCloudTrailDataConnectorDataTypes { + logs?: AwsCloudTrailDataConnectorDataTypesLogs; } // @public -export type AutomationRuleConditionType = string; - -// @public (undocumented) -export type AutomationRuleConditionUnion = AutomationRuleCondition | AutomationRulePropertyValuesCondition; +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; // @public -export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { - actionType: "ModifyProperties"; - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; +export type Bookmark = ResourceWithEtag & { + created?: Date; + createdBy?: UserInfo; + displayName?: string; + labels?: string[]; + notes?: string; + query?: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + eventTime?: Date; + queryStartTime?: Date; + queryEndTime?: Date; + incidentInfo?: IncidentInfo; }; // @public -export interface AutomationRuleModifyPropertiesActionConfiguration { - classification?: IncidentClassification; - classificationComment?: string; - classificationReason?: IncidentClassificationReason; - labels?: IncidentLabel[]; - owner?: IncidentOwnerInfo; - severity?: IncidentSeverity; - status?: IncidentStatus; +export interface BookmarkList { + readonly nextLink?: string; + value: Bookmark[]; } // @public -export type AutomationRulePropertyConditionSupportedOperator = string; +export interface Bookmarks { + createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, bookmark: Bookmark, options?: BookmarksCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: BookmarksListOptionalParams): PagedAsyncIterableIterator; +} // @public -export type AutomationRulePropertyConditionSupportedProperty = string; +export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} // @public -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { - conditionType: "Property"; - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; +export type BookmarksCreateOrUpdateResponse = Bookmark; // @public -export interface AutomationRulePropertyValuesConditionProperties { - operator?: AutomationRulePropertyConditionSupportedOperator; - propertyName?: AutomationRulePropertyConditionSupportedProperty; - propertyValues?: string[]; +export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { - actionType: "RunPlaybook"; - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; -}; - -// @public -export interface AutomationRuleRunPlaybookActionConfiguration { - logicAppResourceId?: string; - tenantId?: string; +export interface BookmarksGetOptionalParams extends coreClient.OperationOptions { } // @public -export interface AutomationRules { - createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator; -} +export type BookmarksGetResponse = Bookmark; // @public -export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions { } // @public -export type AutomationRulesCreateOrUpdateResponse = AutomationRule; +export type BookmarksListNextResponse = BookmarkList; // @public -export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions { +export interface BookmarksListOptionalParams extends coreClient.OperationOptions { } // @public -export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions { -} +export type BookmarksListResponse = BookmarkList; // @public -export type AutomationRulesGetResponse = AutomationRule; +export type CaseSeverity = string; // @public -export interface AutomationRulesList { - readonly nextLink?: string; - value: AutomationRule[]; +export interface ClientInfo { + email?: string; + name?: string; + objectId?: string; + userPrincipalName?: string; } // @public -export interface AutomationRulesListNextOptionalParams extends coreClient.OperationOptions { +export interface CloudError { + error?: ErrorResponse; } // @public -export type AutomationRulesListNextResponse = AutomationRulesList; +export type DataConnector = ResourceWithEtag & { + kind: DataConnectorKind; +}; // @public -export interface AutomationRulesListOptionalParams extends coreClient.OperationOptions { +export interface DataConnectorDataTypeCommon { + state?: DataTypeState; } // @public -export type AutomationRulesListResponse = AutomationRulesList; +export type DataConnectorKind = string; // @public -export interface AutomationRuleTriggeringLogic { - conditions?: AutomationRuleConditionUnion[]; - expirationTimeUtc?: Date; - isEnabled: boolean; - triggersOn: TriggersOn; - triggersWhen: TriggersWhen; +export interface DataConnectorList { + readonly nextLink?: string; + value: DataConnectorUnion[]; } // @public -export interface Availability { - isPreview?: boolean; - status?: "1"; +export interface DataConnectors { + createOrUpdate(resourceGroupName: string, workspaceName: string, dataConnectorId: string, dataConnector: DataConnectorUnion, options?: DataConnectorsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: DataConnectorsListOptionalParams): PagedAsyncIterableIterator; } // @public -export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & { - kind: "AmazonWebServicesCloudTrail"; -}; - -// @public -export type AwsCloudTrailDataConnector = DataConnector & { - awsRoleArn?: string; - dataTypes?: AwsCloudTrailDataConnectorDataTypes; -}; - -// @public -export interface AwsCloudTrailDataConnectorDataTypes { - logs: AwsCloudTrailDataConnectorDataTypesLogs; +export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } // @public -export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; - -// @public -export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & { - kind: "AmazonWebServicesS3"; -}; - -// @public -export type AwsS3DataConnector = DataConnector & { - destinationTable?: string; - sqsUrls?: string[]; - roleArn?: string; - dataTypes?: AwsS3DataConnectorDataTypes; -}; +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; // @public -export interface AwsS3DataConnectorDataTypes { - logs: AwsS3DataConnectorDataTypesLogs; +export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; - -// @public -export type AzureResourceEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly resourceId?: string; - readonly subscriptionId?: string; -}; +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions { +} // @public -export type AzureResourceEntityProperties = EntityCommonProperties & { - readonly resourceId?: string; - readonly subscriptionId?: string; -}; +export type DataConnectorsGetResponse = DataConnectorUnion; // @public -export type Bookmark = ResourceWithEtag & { - created?: Date; - createdBy?: UserInfo; - displayName?: string; - labels?: string[]; - notes?: string; - query?: string; - queryResult?: string; - updated?: Date; - updatedBy?: UserInfo; - eventTime?: Date; - queryStartTime?: Date; - queryEndTime?: Date; - incidentInfo?: IncidentInfo; -}; +export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions { +} // @public -export type BookmarkExpandOperationResponse = BookmarkExpandResponse; +export type DataConnectorsListNextResponse = DataConnectorList; // @public -export interface BookmarkExpandOptionalParams extends coreClient.OperationOptions { +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions { } // @public -export interface BookmarkExpandParameters { - endTime?: Date; - expansionId?: string; - startTime?: Date; -} +export type DataConnectorsListResponse = DataConnectorList; // @public -export interface BookmarkExpandResponse { - metaData?: ExpansionResultsMetadata; - value?: BookmarkExpandResponseValue; +export interface DataConnectorTenantId { + tenantId?: string; } -// @public -export interface BookmarkExpandResponseValue { - edges?: ConnectedEntity[]; - entities?: EntityUnion[]; -} +// @public (undocumented) +export type DataConnectorUnion = DataConnector | AADDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | McasDataConnector | MdatpDataConnector | TIDataConnector | OfficeDataConnector; // @public -export interface BookmarkList { - readonly nextLink?: string; - value: Bookmark[]; +export interface DataConnectorWithAlertsProperties { + dataTypes?: AlertsDataTypeOfDataConnector; } // @public -export interface BookmarkOperations { - expand(resourceGroupName: string, workspaceName: string, bookmarkId: string, parameters: BookmarkExpandParameters, options?: BookmarkExpandOptionalParams): Promise; -} +export type DataTypeState = string; // @public -export interface BookmarkRelations { - createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, relation: Relation, options?: BookmarkRelationsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarkRelationsListOptionalParams): PagedAsyncIterableIterator; +export interface ErrorAdditionalInfo { + readonly info?: Record; + readonly type?: string; } // @public -export interface BookmarkRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +export interface ErrorResponse { + readonly additionalInfo?: ErrorAdditionalInfo[]; + readonly code?: string; + readonly details?: ErrorResponse[]; + readonly message?: string; + readonly target?: string; } // @public -export type BookmarkRelationsCreateOrUpdateResponse = Relation; +export type FusionAlertRule = AlertRule & { + alertRuleTemplateName?: string; + readonly description?: string; + readonly displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + readonly severity?: AlertSeverity; + readonly tactics?: AttackTactic[]; +}; // @public -export interface BookmarkRelationsDeleteOptionalParams extends coreClient.OperationOptions { -} +export type FusionAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + severity?: AlertSeverity; + tactics?: AttackTactic[]; +}; // @public -export interface BookmarkRelationsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarkRelationsGetResponse = Relation; - -// @public -export interface BookmarkRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type BookmarkRelationsListNextResponse = RelationList; - -// @public -export interface BookmarkRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type BookmarkRelationsListResponse = RelationList; - -// @public -export interface Bookmarks { - createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, bookmark: Bookmark, options?: BookmarksCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: BookmarksListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarksCreateOrUpdateResponse = Bookmark; - -// @public -export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface BookmarksGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarksGetResponse = Bookmark; - -// @public -export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarksListNextResponse = BookmarkList; - -// @public -export interface BookmarksListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarksListResponse = BookmarkList; - -// @public -export type BookmarkTimelineItem = EntityTimelineItem & { - kind: "Bookmark"; - azureResourceId: string; - displayName?: string; - notes?: string; - endTimeUtc?: Date; - startTimeUtc?: Date; - eventTime?: Date; - createdBy?: UserInfo; - labels?: string[]; -}; - -// @public -export interface ClientInfo { - email?: string; - name?: string; - objectId?: string; - userPrincipalName?: string; -} - -// @public -export type CloudApplicationEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly appId?: number; - readonly appName?: string; - readonly instanceName?: string; -}; - -// @public -export type CloudApplicationEntityProperties = EntityCommonProperties & { - readonly appId?: number; - readonly appName?: string; - readonly instanceName?: string; -}; - -// @public -export interface CloudError { - error?: CloudErrorBody; -} - -// @public -export interface CloudErrorBody { - readonly code?: string; - readonly message?: string; -} - -// @public -export type CodelessApiPollingDataConnector = DataConnector & { - connectorUiConfig?: CodelessUiConnectorConfigProperties; - pollingConfig?: CodelessConnectorPollingConfigProperties; -}; - -// @public -export interface CodelessConnectorPollingAuthProperties { - apiKeyIdentifier?: string; - apiKeyName?: string; - authorizationEndpoint?: string; - authorizationEndpointQueryParameters?: Record; - authType: string; - flowName?: string; - isApiKeyInPostPayload?: string; - isClientSecretInHeader?: boolean; - redirectionEndpoint?: string; - scope?: string; - tokenEndpoint?: string; - tokenEndpointHeaders?: Record; - tokenEndpointQueryParameters?: Record; -} - -// @public -export interface CodelessConnectorPollingConfigProperties { - auth: CodelessConnectorPollingAuthProperties; - isActive?: boolean; - paging?: CodelessConnectorPollingPagingProperties; - request: CodelessConnectorPollingRequestProperties; - response?: CodelessConnectorPollingResponseProperties; -} - -// @public -export interface CodelessConnectorPollingPagingProperties { - nextPageParaName?: string; - nextPageTokenJsonPath?: string; - pageCountAttributePath?: string; - pageSize?: number; - pageSizeParaName?: string; - pageTimeStampAttributePath?: string; - pageTotalCountAttributePath?: string; - pagingType: string; - searchTheLatestTimeStampFromEventsList?: string; -} - -// @public -export interface CodelessConnectorPollingRequestProperties { - apiEndpoint: string; - endTimeAttributeName?: string; - headers?: Record; - httpMethod: string; - queryParameters?: Record; - queryParametersTemplate?: string; - queryTimeFormat: string; - queryWindowInMin: number; - rateLimitQps?: number; - retryCount?: number; - startTimeAttributeName?: string; - timeoutInSeconds?: number; -} - -// @public -export interface CodelessConnectorPollingResponseProperties { - eventsJsonPaths: string[]; - isGzipCompressed?: boolean; - successStatusJsonPath?: string; - successStatusValue?: string; -} - -// @public -export interface CodelessUiConnectorConfigProperties { - availability: Availability; - connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; - customImage?: string; - dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; - descriptionMarkdown: string; - graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; - graphQueriesTableName: string; - instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; - permissions: Permissions_2; - publisher: string; - sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; - title: string; -} - -// @public (undocumented) -export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {}; - -// @public (undocumented) -export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {}; - -// @public (undocumented) -export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {}; - -// @public (undocumented) -export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {}; - -// @public (undocumented) -export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {}; - -// @public -export type CodelessUiDataConnector = DataConnector & { - connectorUiConfig?: CodelessUiConnectorConfigProperties; -}; - -// @public -export type ConfidenceLevel = string; - -// @public -export type ConfidenceScoreStatus = string; - -// @public -export type ConnectAuthKind = string; - -// @public -export interface ConnectedEntity { - additionalData?: Record; - targetEntityId?: string; -} - -// @public -export interface ConnectivityCriteria { - type?: ConnectivityType; - value?: string[]; -} - -// @public -export type ConnectivityType = string; - -// @public -export interface ConnectorInstructionModelBase { - parameters?: Record; - type: SettingType; -} - -// @public -export interface ContentPathMap { - contentType?: ContentType; - path?: string; -} - -// @public -export type ContentType = string; - -// @public -export type CreatedByType = string; - -// @public -export type CustomEntityQuery = ResourceWithEtag & { - kind: CustomEntityQueryKind; -}; - -// @public -export type CustomEntityQueryKind = string; - -// @public (undocumented) -export type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery; - -// @public -export type Customs = CustomsPermission & {}; - -// @public -export interface CustomsPermission { - description?: string; - name?: string; -} - -// @public -export type DataConnector = ResourceWithEtag & { - kind: DataConnectorKind; -}; - -// @public -export type DataConnectorAuthorizationState = string; - -// @public -export interface DataConnectorConnectBody { - apiKey?: string; - authorizationCode?: string; - clientId?: string; - clientSecret?: string; - kind?: ConnectAuthKind; - password?: string; - // (undocumented) - requestConfigUserInputValues?: Record[]; - userName?: string; -} - -// @public -export interface DataConnectorDataTypeCommon { - state: DataTypeState; -} - -// @public -export type DataConnectorKind = string; - -// @public -export type DataConnectorLicenseState = string; - -// @public -export interface DataConnectorList { - readonly nextLink?: string; - value: DataConnectorUnion[]; -} - -// @public -export interface DataConnectorRequirementsState { - authorizationState?: DataConnectorAuthorizationState; - licenseState?: DataConnectorLicenseState; -} - -// @public -export interface DataConnectors { - connect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, connectBody: DataConnectorConnectBody, options?: DataConnectorsConnectOptionalParams): Promise; - createOrUpdate(resourceGroupName: string, workspaceName: string, dataConnectorId: string, dataConnector: DataConnectorUnion, options?: DataConnectorsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams): Promise; - disconnect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDisconnectOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: DataConnectorsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; -} - -// @public -export interface DataConnectorsCheckRequirementsOperations { - post(resourceGroupName: string, workspaceName: string, dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, options?: DataConnectorsCheckRequirementsPostOptionalParams): Promise; -} - -// @public -export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - -// @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; - -// @public -export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; - -// @public -export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface DataConnectorsDisconnectOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsGetResponse = DataConnectorUnion; - -// @public -export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsListNextResponse = DataConnectorList; - -// @public -export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsListResponse = DataConnectorList; - -// @public -export interface DataConnectorTenantId { - tenantId: string; -} - -// @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; - -// @public -export interface DataConnectorWithAlertsProperties { - dataTypes?: AlertsDataTypeOfDataConnector; -} - -// @public -export interface DataTypeDefinitions { - dataType?: string; -} - -// @public -export type DataTypeState = string; - -// @public -export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Blocked" | "Replaced"; - -// @public -export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded"; - -// @public -export type DnsEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly dnsServerIpEntityId?: string; - readonly domainName?: string; - readonly hostIpAddressEntityId?: string; - readonly ipAddressEntityIds?: string[]; -}; - -// @public -export type DnsEntityProperties = EntityCommonProperties & { - readonly dnsServerIpEntityId?: string; - readonly domainName?: string; - readonly hostIpAddressEntityId?: string; - readonly ipAddressEntityIds?: string[]; -}; - -// @public -export interface DomainWhois { - get(resourceGroupName: string, domain: string, options?: DomainWhoisGetOptionalParams): Promise; -} - -// @public -export interface DomainWhoisGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DomainWhoisGetResponse = EnrichmentDomainWhois; - -// @public -export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & { - kind: "Dynamics365"; - tenantId?: string; -}; - -// @public -export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type Dynamics365DataConnector = DataConnector & { - tenantId?: string; - dataTypes?: Dynamics365DataConnectorDataTypes; -}; - -// @public -export interface Dynamics365DataConnectorDataTypes { - dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; -} - -// @public -export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; - -// @public -export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { - dataTypes: Dynamics365DataConnectorDataTypes; -}; - -// @public -export type ElevationToken = "Default" | "Full" | "Limited"; - -// @public -export interface EnrichmentDomainWhois { - created?: Date; - domain?: string; - expires?: Date; - parsedWhois?: EnrichmentDomainWhoisDetails; - server?: string; - updated?: Date; -} - -// @public -export interface EnrichmentDomainWhoisContact { - city?: string; - country?: string; - email?: string; - fax?: string; - name?: string; - org?: string; - phone?: string; - postal?: string; - state?: string; - street?: string[]; -} - -// @public -export interface EnrichmentDomainWhoisContacts { - admin?: EnrichmentDomainWhoisContact; - billing?: EnrichmentDomainWhoisContact; - registrant?: EnrichmentDomainWhoisContact; - tech?: EnrichmentDomainWhoisContact; -} - -// @public -export interface EnrichmentDomainWhoisDetails { - contacts?: EnrichmentDomainWhoisContacts; - nameServers?: string[]; - registrar?: EnrichmentDomainWhoisRegistrarDetails; - statuses?: string[]; -} - -// @public -export interface EnrichmentDomainWhoisRegistrarDetails { - abuseContactEmail?: string; - abuseContactPhone?: string; - ianaId?: string; - name?: string; - url?: string; - whoisServer?: string; -} - -// @public -export interface EnrichmentIpGeodata { - asn?: string; - carrier?: string; - city?: string; - cityCf?: number; - continent?: string; - country?: string; - countryCf?: number; - ipAddr?: string; - ipRoutingType?: string; - latitude?: string; - longitude?: string; - organization?: string; - organizationType?: string; - region?: string; - state?: string; - stateCf?: number; - stateCode?: string; -} - -// @public -export interface Entities { - expand(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityExpandParameters, options?: EntitiesExpandOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesGetOptionalParams): Promise; - getInsights(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityGetInsightsParameters, options?: EntitiesGetInsightsOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntitiesListOptionalParams): PagedAsyncIterableIterator; - queries(resourceGroupName: string, workspaceName: string, entityId: string, kind: EntityItemQueryKind, options?: EntitiesQueriesOptionalParams): Promise; -} - -// @public -export interface EntitiesExpandOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesExpandResponse = EntityExpandResponse; - -// @public -export interface EntitiesGetInsightsOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; - -// @public -export interface EntitiesGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesGetResponse = EntityUnion; - -// @public -export interface EntitiesGetTimeline { - list(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityTimelineParameters, options?: EntitiesGetTimelineListOptionalParams): Promise; -} - -// @public -export interface EntitiesGetTimelineListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesGetTimelineListResponse = EntityTimelineResponse; - -// @public -export interface EntitiesListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesListNextResponse = EntityList; - -// @public -export interface EntitiesListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesListResponse = EntityList; - -// @public -export interface EntitiesQueriesOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntitiesQueriesResponse = GetQueriesResponse; - -// @public -export interface EntitiesRelations { - list(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesRelationsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface EntitiesRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type EntitiesRelationsListNextResponse = RelationList; - -// @public -export interface EntitiesRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type EntitiesRelationsListResponse = RelationList; - -// @public -export type Entity = Resource & { - kind: EntityKind; -}; - -// @public -export type EntityAnalytics = Settings & { - readonly isEnabled?: boolean; -}; - -// @public -export interface EntityCommonProperties { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; -} - -// @public -export interface EntityEdges { - additionalData?: { - [propertyName: string]: Record; - }; - targetEntityId?: string; -} - -// @public -export interface EntityExpandParameters { - endTime?: Date; - expansionId?: string; - startTime?: Date; -} - -// @public -export interface EntityExpandResponse { - metaData?: ExpansionResultsMetadata; - value?: EntityExpandResponseValue; -} - -// @public -export interface EntityExpandResponseValue { - edges?: EntityEdges[]; - entities?: EntityUnion[]; -} - -// @public -export interface EntityGetInsightsParameters { - addDefaultExtendedTimeRange?: boolean; - endTime: Date; - insightQueryIds?: string[]; - startTime: Date; -} - -// @public -export interface EntityGetInsightsResponse { - metaData?: GetInsightsResultsMetadata; - value?: EntityInsightItem[]; -} - -// @public -export interface EntityInsightItem { - chartQueryResults?: InsightsTableResult[]; - queryId?: string; - queryTimeInterval?: EntityInsightItemQueryTimeInterval; - tableQueryResults?: InsightsTableResult; -} - -// @public -export interface EntityInsightItemQueryTimeInterval { - endTime?: Date; - startTime?: Date; -} - -// @public -export type EntityItemQueryKind = string; - -// @public -export type EntityKind = string; - -// @public -export interface EntityList { - readonly nextLink?: string; - value: EntityUnion[]; -} - -// @public -export interface EntityMapping { - entityType?: EntityMappingType; - fieldMappings?: FieldMapping[]; -} - -// @public -export type EntityMappingType = string; - -// @public -export interface EntityQueries { - createOrUpdate(resourceGroupName: string, workspaceName: string, entityQueryId: string, entityQuery: CustomEntityQueryUnion, options?: EntityQueriesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntityQueriesListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface EntityQueriesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -// @public -export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface EntityQueriesGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityQueriesGetResponse = EntityQueryUnion; - -// @public -export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; -} - -// @public -export type EntityQueriesListNextResponse = EntityQueryList; - -// @public -export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; -} - -// @public -export type EntityQueriesListResponse = EntityQueryList; - -// @public -export type EntityQuery = ResourceWithEtag & { - kind: EntityQueryKind; -}; - -// @public -export interface EntityQueryItem { - readonly id?: string; - kind: "Insight"; - name?: string; - type?: string; -} - -// @public -export interface EntityQueryItemProperties { - dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; - entitiesFilter?: Record; - inputEntityType?: EntityType; - requiredInputFieldsSets?: string[][]; -} - -// @public (undocumented) -export interface EntityQueryItemPropertiesDataTypesItem { - dataType?: string; -} - -// @public (undocumented) -export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; - -// @public -export type EntityQueryKind = string; - -// @public -export interface EntityQueryList { - readonly nextLink?: string; - value: EntityQueryUnion[]; -} - -// @public -export type EntityQueryTemplate = Resource & { - kind: EntityQueryTemplateKind; -}; - -// @public -export type EntityQueryTemplateKind = string; - -// @public -export interface EntityQueryTemplateList { - readonly nextLink?: string; - value: EntityQueryTemplateUnion[]; -} - -// @public -export interface EntityQueryTemplates { - get(resourceGroupName: string, workspaceName: string, entityQueryTemplateId: string, options?: EntityQueryTemplatesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntityQueryTemplatesListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface EntityQueryTemplatesGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; - -// @public -export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; - -// @public -export interface EntityQueryTemplatesListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; - -// @public (undocumented) -export type EntityQueryTemplateUnion = EntityQueryTemplate | ActivityEntityQueryTemplate; - -// @public (undocumented) -export type EntityQueryUnion = EntityQuery | ExpansionEntityQuery | ActivityEntityQuery; - -// @public -export interface EntityRelations { - getRelation(resourceGroupName: string, workspaceName: string, entityId: string, relationName: string, options?: EntityRelationsGetRelationOptionalParams): Promise; -} - -// @public -export interface EntityRelationsGetRelationOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type EntityRelationsGetRelationResponse = Relation; - -// @public -export interface EntityTimelineItem { - kind: "Activity" | "Bookmark" | "SecurityAlert"; -} - -// @public (undocumented) -export type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem; - -// @public -export type EntityTimelineKind = string; - -// @public -export interface EntityTimelineParameters { - endTime: Date; - kinds?: EntityTimelineKind[]; - numberOfBucket?: number; - startTime: Date; -} - -// @public -export interface EntityTimelineResponse { - metaData?: TimelineResultsMetadata; - value?: EntityTimelineItemUnion[]; -} - -// @public -export type EntityType = string; - -// @public (undocumented) -export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; - -// @public -export type Enum8 = string; - -// @public -export interface ErrorAdditionalInfo { - readonly info?: Record; - readonly type?: string; -} - -// @public -export interface ErrorDetail { - readonly additionalInfo?: ErrorAdditionalInfo[]; - readonly code?: string; - readonly details?: ErrorDetail[]; - readonly message?: string; - readonly target?: string; -} - -// @public -export interface ErrorResponse { - error?: ErrorDetail; -} - -// @public -export type EventGroupingAggregationKind = string; - -// @public -export interface EventGroupingSettings { - aggregationKind?: EventGroupingAggregationKind; -} - -// @public -export type ExpansionEntityQuery = EntityQuery & { - dataSources?: string[]; - displayName?: string; - inputEntityType?: EntityType; - inputFields?: string[]; - outputEntityTypes?: EntityType[]; - queryTemplate?: string; -}; - -// @public -export interface ExpansionResultAggregation { - aggregationType?: string; - count: number; - displayName?: string; - entityKind: EntityKind; -} - -// @public -export interface ExpansionResultsMetadata { - aggregations?: ExpansionResultAggregation[]; -} - -// @public -export type EyesOn = Settings & { - readonly isEnabled?: boolean; -}; - -// @public -export interface FieldMapping { - columnName?: string; - identifier?: string; -} - -// @public -export type FileEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly directory?: string; - readonly fileHashEntityIds?: string[]; - readonly fileName?: string; - readonly hostEntityId?: string; -}; - -// @public -export type FileEntityProperties = EntityCommonProperties & { - readonly directory?: string; - readonly fileHashEntityIds?: string[]; - readonly fileName?: string; - readonly hostEntityId?: string; -}; - -// @public -export type FileHashAlgorithm = string; - -// @public -export type FileHashEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly algorithm?: FileHashAlgorithm; - readonly hashValue?: string; -}; - -// @public -export type FileHashEntityProperties = EntityCommonProperties & { - readonly algorithm?: FileHashAlgorithm; - readonly hashValue?: string; -}; - -// @public -export type FusionAlertRule = AlertRule & { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - readonly severity?: AlertSeverity; - readonly tactics?: AttackTactic[]; -}; - -// @public -export type FusionAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - severity?: AlertSeverity; - tactics?: AttackTactic[]; -}; - -// @public -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - severity: AlertSeverity; - tactics?: AttackTactic[]; -}; - -// @public -export interface GeoLocation { - readonly asn?: number; - readonly city?: string; - readonly countryCode?: string; - readonly countryName?: string; - readonly latitude?: number; - readonly longitude?: number; - readonly state?: string; -} - -// @public -export interface GetInsightsError { - errorMessage: string; - kind: "Insight"; - queryId?: string; -} - -// @public -export interface GetInsightsResultsMetadata { - errors?: GetInsightsError[]; - totalCount: number; -} - -// @public -export interface GetQueriesResponse { - value?: EntityQueryItemUnion[]; -} - -// @public -export interface GraphQueries { - baseQuery?: string; - legend?: string; - metricName?: string; -} - -// @public -export interface GroupingConfiguration { - enabled: boolean; - groupByAlertDetails?: AlertDetail[]; - groupByCustomDetails?: string[]; - groupByEntities?: EntityMappingType[]; - lookbackDuration: string; - matchingMethod: MatchingMethod; - reopenClosedIncident: boolean; -} - -// @public -export type HostEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly azureID?: string; - readonly dnsDomain?: string; - readonly hostName?: string; - readonly isDomainJoined?: boolean; - readonly netBiosName?: string; - readonly ntDomain?: string; - readonly omsAgentID?: string; - osFamily?: OSFamily; - readonly osVersion?: string; -}; - -// @public -export type HostEntityProperties = EntityCommonProperties & { - readonly azureID?: string; - readonly dnsDomain?: string; - readonly hostName?: string; - readonly isDomainJoined?: boolean; - readonly netBiosName?: string; - readonly ntDomain?: string; - readonly omsAgentID?: string; - osFamily?: OSFamily; - readonly osVersion?: string; -}; - -// @public -export type HuntingBookmark = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - created?: Date; - createdBy?: UserInfo; - displayName?: string; - eventTime?: Date; - labels?: string[]; - notes?: string; - query?: string; - queryResult?: string; - updated?: Date; - updatedBy?: UserInfo; - incidentInfo?: IncidentInfo; -}; - -// @public -export type HuntingBookmarkProperties = EntityCommonProperties & { - created?: Date; - createdBy?: UserInfo; - displayName: string; - eventTime?: Date; - labels?: string[]; - notes?: string; - query: string; - queryResult?: string; - updated?: Date; - updatedBy?: UserInfo; - incidentInfo?: IncidentInfo; -}; - -// @public -export type Incident = ResourceWithEtag & { - readonly additionalData?: IncidentAdditionalData; - classification?: IncidentClassification; - classificationComment?: string; - classificationReason?: IncidentClassificationReason; - readonly createdTimeUtc?: Date; - description?: string; - firstActivityTimeUtc?: Date; - readonly incidentUrl?: string; - readonly incidentNumber?: number; - labels?: IncidentLabel[]; - providerName?: string; - providerIncidentId?: string; - lastActivityTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; - owner?: IncidentOwnerInfo; - readonly relatedAnalyticRuleIds?: string[]; - severity?: IncidentSeverity; - status?: IncidentStatus; - teamInformation?: TeamInformation; - title?: string; -}; - -// @public -export interface IncidentAdditionalData { - readonly alertProductNames?: string[]; - readonly alertsCount?: number; - readonly bookmarksCount?: number; - readonly commentsCount?: number; - readonly tactics?: AttackTactic[]; -} - -// @public -export interface IncidentAlertList { - value: SecurityAlert[]; -} - -// @public -export interface IncidentBookmarkList { - value: HuntingBookmark[]; -} - -// @public -export type IncidentClassification = string; - -// @public -export type IncidentClassificationReason = string; - -// @public -export type IncidentComment = ResourceWithEtag & { - readonly createdTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; - message?: string; - readonly author?: ClientInfo; -}; - -// @public -export interface IncidentCommentList { - readonly nextLink?: string; - value: IncidentComment[]; -} - -// @public -export interface IncidentComments { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface IncidentCommentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; - -// @public -export interface IncidentCommentsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentCommentsGetResponse = IncidentComment; - -// @public -export interface IncidentCommentsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentCommentsListNextResponse = IncidentCommentList; - -// @public -export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentCommentsListResponse = IncidentCommentList; - -// @public -export interface IncidentConfiguration { - createIncident: boolean; - groupingConfiguration?: GroupingConfiguration; -} - -// @public -export interface IncidentEntitiesResponse { - entities?: EntityUnion[]; - metaData?: IncidentEntitiesResultsMetadata[]; -} - -// @public -export interface IncidentEntitiesResultsMetadata { - count: number; - entityKind: EntityKind; -} - -// @public -export interface IncidentInfo { - incidentId?: string; - relationName?: string; - severity?: IncidentSeverity; - title?: string; -} - -// @public -export interface IncidentLabel { - labelName: string; - readonly labelType?: IncidentLabelType; -} - -// @public -export type IncidentLabelType = string; - -// @public -export interface IncidentList { - readonly nextLink?: string; - value: Incident[]; -} - -// @public -export interface IncidentOwnerInfo { - assignedTo?: string; - email?: string; - objectId?: string; - readonly ownerType?: OwnerType; - userPrincipalName?: string; -} - -// @public -export interface IncidentRelations { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentRelationsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface IncidentRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentRelationsCreateOrUpdateResponse = Relation; - -// @public -export interface IncidentRelationsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface IncidentRelationsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentRelationsGetResponse = Relation; - -// @public -export interface IncidentRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentRelationsListNextResponse = RelationList; - -// @public -export interface IncidentRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentRelationsListResponse = RelationList; - -// @public -export interface Incidents { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; - createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamProperties, options?: IncidentsCreateTeamOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; - listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise; - listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise; - listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise; -} - -// @public -export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsCreateOrUpdateResponse = Incident; - -// @public -export interface IncidentsCreateTeamOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsCreateTeamResponse = TeamInformation; - -// @public -export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentSeverity = string; - -// @public -export interface IncidentsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsGetResponse = Incident; - -// @public -export interface IncidentsListAlertsOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListAlertsResponse = IncidentAlertList; - -// @public -export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListBookmarksResponse = IncidentBookmarkList; - -// @public -export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; - -// @public -export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentsListNextResponse = IncidentList; - -// @public -export interface IncidentsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentsListResponse = IncidentList; - -// @public -export type IncidentStatus = string; - -// @public -export type InsightQueryItem = EntityQueryItem & { - kind: "Insight"; - properties?: InsightQueryItemProperties; -}; - -// @public -export type InsightQueryItemProperties = EntityQueryItemProperties & { - displayName?: string; - description?: string; - baseQuery?: string; - tableQuery?: InsightQueryItemPropertiesTableQuery; - chartQuery?: Record; - additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; - defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; - referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; -}; - -// @public -export interface InsightQueryItemPropertiesAdditionalQuery { - query?: string; - text?: string; -} - -// @public -export interface InsightQueryItemPropertiesDefaultTimeRange { - afterRange?: string; - beforeRange?: string; -} - -// @public -export interface InsightQueryItemPropertiesReferenceTimeRange { - beforeRange?: string; -} - -// @public -export interface InsightQueryItemPropertiesTableQuery { - columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; - queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { - header?: string; - outputType?: OutputType; - supportDeepLink?: boolean; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { - filter?: string; - linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; - project?: string; - summarize?: string; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { - projectedName?: string; - query?: string; -} - -// @public -export interface InsightsTableResult { - columns?: InsightsTableResultColumnsItem[]; - rows?: string[][]; -} - -// @public (undocumented) -export interface InsightsTableResultColumnsItem { - name?: string; - type?: string; -} - -// @public -export interface InstructionSteps { - description?: string; - instructions?: InstructionStepsInstructionsItem[]; - title?: string; -} - -// @public (undocumented) -export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {}; - -// @public -export type IoTDeviceEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly deviceId?: string; - readonly deviceName?: string; - readonly source?: string; - readonly iotSecurityAgentId?: string; - readonly deviceType?: string; - readonly vendor?: string; - readonly edgeId?: string; - readonly macAddress?: string; - readonly model?: string; - readonly serialNumber?: string; - readonly firmwareVersion?: string; - readonly operatingSystem?: string; - readonly iotHubEntityId?: string; - readonly hostEntityId?: string; - readonly ipAddressEntityId?: string; - readonly threatIntelligence?: ThreatIntelligence[]; - readonly protocols?: string[]; -}; - -// @public -export type IoTDeviceEntityProperties = EntityCommonProperties & { - readonly deviceId?: string; - readonly deviceName?: string; - readonly source?: string; - readonly iotSecurityAgentId?: string; - readonly deviceType?: string; - readonly vendor?: string; - readonly edgeId?: string; - readonly macAddress?: string; - readonly model?: string; - readonly serialNumber?: string; - readonly firmwareVersion?: string; - readonly operatingSystem?: string; - readonly iotHubEntityId?: string; - readonly hostEntityId?: string; - readonly ipAddressEntityId?: string; - readonly threatIntelligence?: ThreatIntelligence[]; - readonly protocols?: string[]; -}; - -// @public -export type IpEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly address?: string; - readonly location?: GeoLocation; - readonly threatIntelligence?: ThreatIntelligence[]; -}; - -// @public -export type IpEntityProperties = EntityCommonProperties & { - readonly address?: string; - readonly location?: GeoLocation; - readonly threatIntelligence?: ThreatIntelligence[]; -}; - -// @public -export interface IPGeodata { - get(resourceGroupName: string, ipAddress: string, options?: IPGeodataGetOptionalParams): Promise; -} - -// @public -export interface IPGeodataGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IPGeodataGetResponse = EnrichmentIpGeodata; - -// @public -export type KillChainIntent = string; - -// @public -export type Kind = string; - -// @public -export enum KnownAlertDetail { - DisplayName = "DisplayName", - Severity = "Severity" -} - -// @public -export enum KnownAlertRuleKind { - // (undocumented) - Fusion = "Fusion", - // (undocumented) - MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", - // (undocumented) - MLBehaviorAnalytics = "MLBehaviorAnalytics", - // (undocumented) - NRT = "NRT", - // (undocumented) - Scheduled = "Scheduled", - // (undocumented) - ThreatIntelligence = "ThreatIntelligence" -} - -// @public -export enum KnownAlertSeverity { - High = "High", - Informational = "Informational", - Low = "Low", - Medium = "Medium" -} - -// @public -export enum KnownAlertStatus { - Dismissed = "Dismissed", - InProgress = "InProgress", - New = "New", - Resolved = "Resolved", - Unknown = "Unknown" -} - -// @public -export enum KnownAntispamMailDirection { - Inbound = "Inbound", - Intraorg = "Intraorg", - Outbound = "Outbound", - Unknown = "Unknown" -} - -// @public -export enum KnownAttackTactic { - // (undocumented) - Collection = "Collection", - // (undocumented) - CommandAndControl = "CommandAndControl", - // (undocumented) - CredentialAccess = "CredentialAccess", - // (undocumented) - DefenseEvasion = "DefenseEvasion", - // (undocumented) - Discovery = "Discovery", - // (undocumented) - Execution = "Execution", - // (undocumented) - Exfiltration = "Exfiltration", - // (undocumented) - Impact = "Impact", - // (undocumented) - InitialAccess = "InitialAccess", - // (undocumented) - LateralMovement = "LateralMovement", - // (undocumented) - Persistence = "Persistence", - // (undocumented) - PreAttack = "PreAttack", - // (undocumented) - PrivilegeEscalation = "PrivilegeEscalation" -} - -// @public -export enum KnownAutomationRuleActionType { - ModifyProperties = "ModifyProperties", - RunPlaybook = "RunPlaybook" -} - -// @public -export enum KnownAutomationRuleConditionType { - Property = "Property" -} - -// @public -export enum KnownAutomationRulePropertyConditionSupportedOperator { - Contains = "Contains", - EndsWith = "EndsWith", - Equals = "Equals", - NotContains = "NotContains", - NotEndsWith = "NotEndsWith", - NotEquals = "NotEquals", - NotStartsWith = "NotStartsWith", - StartsWith = "StartsWith" -} - -// @public -export enum KnownAutomationRulePropertyConditionSupportedProperty { - AccountAadTenantId = "AccountAadTenantId", - AccountAadUserId = "AccountAadUserId", - AccountName = "AccountName", - AccountNTDomain = "AccountNTDomain", - AccountObjectGuid = "AccountObjectGuid", - AccountPuid = "AccountPUID", - AccountSid = "AccountSid", - AccountUPNSuffix = "AccountUPNSuffix", - AzureResourceResourceId = "AzureResourceResourceId", - AzureResourceSubscriptionId = "AzureResourceSubscriptionId", - CloudApplicationAppId = "CloudApplicationAppId", - CloudApplicationAppName = "CloudApplicationAppName", - DNSDomainName = "DNSDomainName", - FileDirectory = "FileDirectory", - FileHashValue = "FileHashValue", - FileName = "FileName", - HostAzureID = "HostAzureID", - HostName = "HostName", - HostNetBiosName = "HostNetBiosName", - HostNTDomain = "HostNTDomain", - HostOSVersion = "HostOSVersion", - IncidentDescription = "IncidentDescription", - IncidentProviderName = "IncidentProviderName", - IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", - IncidentSeverity = "IncidentSeverity", - IncidentStatus = "IncidentStatus", - IncidentTactics = "IncidentTactics", - IncidentTitle = "IncidentTitle", - IoTDeviceId = "IoTDeviceId", - IoTDeviceModel = "IoTDeviceModel", - IoTDeviceName = "IoTDeviceName", - IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", - IoTDeviceType = "IoTDeviceType", - IoTDeviceVendor = "IoTDeviceVendor", - IPAddress = "IPAddress", - MailboxDisplayName = "MailboxDisplayName", - MailboxPrimaryAddress = "MailboxPrimaryAddress", - MailboxUPN = "MailboxUPN", - MailMessageDeliveryAction = "MailMessageDeliveryAction", - MailMessageDeliveryLocation = "MailMessageDeliveryLocation", - MailMessageP1Sender = "MailMessageP1Sender", - MailMessageP2Sender = "MailMessageP2Sender", - MailMessageRecipient = "MailMessageRecipient", - MailMessageSenderIP = "MailMessageSenderIP", - MailMessageSubject = "MailMessageSubject", - MalwareCategory = "MalwareCategory", - MalwareName = "MalwareName", - ProcessCommandLine = "ProcessCommandLine", - ProcessId = "ProcessId", - RegistryKey = "RegistryKey", - RegistryValueData = "RegistryValueData", - Url = "Url" -} - -// @public -export enum KnownConfidenceLevel { - High = "High", - Low = "Low", - Unknown = "Unknown" -} - -// @public -export enum KnownConfidenceScoreStatus { - Final = "Final", - InProcess = "InProcess", - NotApplicable = "NotApplicable", - NotFinal = "NotFinal" -} - -// @public -export enum KnownConnectAuthKind { - // (undocumented) - APIKey = "APIKey", - // (undocumented) - Basic = "Basic", - // (undocumented) - OAuth2 = "OAuth2" -} - -// @public -export enum KnownConnectivityType { - // (undocumented) - IsConnectedQuery = "IsConnectedQuery" -} - -// @public -export enum KnownContentType { - // (undocumented) - AnalyticRule = "AnalyticRule", - // (undocumented) - Workbook = "Workbook" -} - -// @public -export enum KnownCreatedByType { - // (undocumented) - Application = "Application", - // (undocumented) - Key = "Key", - // (undocumented) - ManagedIdentity = "ManagedIdentity", - // (undocumented) - User = "User" -} - -// @public -export enum KnownCustomEntityQueryKind { - // (undocumented) - Activity = "Activity" -} - -// @public -export enum KnownDataConnectorAuthorizationState { - // (undocumented) - Invalid = "Invalid", - // (undocumented) - Valid = "Valid" -} - -// @public -export enum KnownDataConnectorKind { - // (undocumented) - AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", - // (undocumented) - AmazonWebServicesS3 = "AmazonWebServicesS3", - // (undocumented) - APIPolling = "APIPolling", - // (undocumented) - AzureActiveDirectory = "AzureActiveDirectory", - // (undocumented) - AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", - // (undocumented) - AzureSecurityCenter = "AzureSecurityCenter", - // (undocumented) - Dynamics365 = "Dynamics365", - // (undocumented) - GenericUI = "GenericUI", - // (undocumented) - MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", - // (undocumented) - MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", - // (undocumented) - MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", - // (undocumented) - MicrosoftThreatProtection = "MicrosoftThreatProtection", - // (undocumented) - Office365 = "Office365", - // (undocumented) - OfficeATP = "OfficeATP", - // (undocumented) - OfficeIRM = "OfficeIRM", - // (undocumented) - ThreatIntelligence = "ThreatIntelligence", - // (undocumented) - ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" -} - -// @public -export enum KnownDataConnectorLicenseState { - // (undocumented) - Invalid = "Invalid", - // (undocumented) - Unknown = "Unknown", - // (undocumented) - Valid = "Valid" -} - -// @public -export enum KnownDataTypeState { - // (undocumented) - Disabled = "Disabled", - // (undocumented) - Enabled = "Enabled" -} - -// @public -export enum KnownEntityItemQueryKind { - Insight = "Insight" -} - -// @public -export enum KnownEntityKind { - Account = "Account", - AzureResource = "AzureResource", - Bookmark = "Bookmark", - CloudApplication = "CloudApplication", - DnsResolution = "DnsResolution", - File = "File", - FileHash = "FileHash", - Host = "Host", - IoTDevice = "IoTDevice", - Ip = "Ip", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityAlert = "SecurityAlert", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - Url = "Url" -} - -// @public -export enum KnownEntityMappingType { - Account = "Account", - AzureResource = "AzureResource", - CloudApplication = "CloudApplication", - DNS = "DNS", - File = "File", - FileHash = "FileHash", - Host = "Host", - IP = "IP", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - URL = "URL" -} - -// @public -export enum KnownEntityQueryKind { - // (undocumented) - Activity = "Activity", - // (undocumented) - Expansion = "Expansion", - // (undocumented) - Insight = "Insight" -} - -// @public -export enum KnownEntityQueryTemplateKind { - // (undocumented) - Activity = "Activity" -} - -// @public -export enum KnownEntityTimelineKind { - Activity = "Activity", - Bookmark = "Bookmark", - SecurityAlert = "SecurityAlert" -} - -// @public -export enum KnownEntityType { - Account = "Account", - AzureResource = "AzureResource", - CloudApplication = "CloudApplication", - DNS = "DNS", - File = "File", - FileHash = "FileHash", - Host = "Host", - HuntingBookmark = "HuntingBookmark", - IoTDevice = "IoTDevice", - IP = "IP", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityAlert = "SecurityAlert", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - URL = "URL" -} - -// @public -export enum KnownEnum8 { - // (undocumented) - Activity = "Activity", - // (undocumented) - Expansion = "Expansion" -} - -// @public -export enum KnownEventGroupingAggregationKind { - // (undocumented) - AlertPerResult = "AlertPerResult", - // (undocumented) - SingleAlert = "SingleAlert" -} - -// @public -export enum KnownFileHashAlgorithm { - MD5 = "MD5", - SHA1 = "SHA1", - SHA256 = "SHA256", - SHA256AC = "SHA256AC", - Unknown = "Unknown" -} - -// @public -export enum KnownIncidentClassification { - BenignPositive = "BenignPositive", - FalsePositive = "FalsePositive", - TruePositive = "TruePositive", - Undetermined = "Undetermined" -} - -// @public -export enum KnownIncidentClassificationReason { - InaccurateData = "InaccurateData", - IncorrectAlertLogic = "IncorrectAlertLogic", - SuspiciousActivity = "SuspiciousActivity", - SuspiciousButExpected = "SuspiciousButExpected" -} - -// @public -export enum KnownIncidentLabelType { - System = "System", - User = "User" -} - -// @public -export enum KnownIncidentSeverity { - High = "High", - Informational = "Informational", - Low = "Low", - Medium = "Medium" -} - -// @public -export enum KnownIncidentStatus { - Active = "Active", - Closed = "Closed", - New = "New" -} - -// @public -export enum KnownKillChainIntent { - Collection = "Collection", - CommandAndControl = "CommandAndControl", - CredentialAccess = "CredentialAccess", - DefenseEvasion = "DefenseEvasion", - Discovery = "Discovery", - Execution = "Execution", - Exfiltration = "Exfiltration", - Exploitation = "Exploitation", - Impact = "Impact", - LateralMovement = "LateralMovement", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - Probing = "Probing", - Unknown = "Unknown" -} - -// @public -export enum KnownKind { - // (undocumented) - AnalyticsRule = "AnalyticsRule", - // (undocumented) - AnalyticsRuleTemplate = "AnalyticsRuleTemplate", - // (undocumented) - DataConnector = "DataConnector", - // (undocumented) - DataType = "DataType", - // (undocumented) - HuntingQuery = "HuntingQuery", - // (undocumented) - InvestigationQuery = "InvestigationQuery", - // (undocumented) - Parser = "Parser", - // (undocumented) - Playbook = "Playbook", - // (undocumented) - PlaybookTemplate = "PlaybookTemplate", - // (undocumented) - Solution = "Solution", - // (undocumented) - Watchlist = "Watchlist", - // (undocumented) - WatchlistTemplate = "WatchlistTemplate", - // (undocumented) - Workbook = "Workbook", - // (undocumented) - WorkbookTemplate = "WorkbookTemplate" -} - -// @public -export enum KnownMatchingMethod { - AllEntities = "AllEntities", - AnyAlert = "AnyAlert", - Selected = "Selected" -} - -// @public -export enum KnownMicrosoftSecurityProductName { - // (undocumented) - AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", - // (undocumented) - AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", - // (undocumented) - AzureSecurityCenter = "Azure Security Center", - // (undocumented) - AzureSecurityCenterForIoT = "Azure Security Center for IoT", - // (undocumented) - MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", - // (undocumented) - MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection", - // (undocumented) - Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection" -} - -// @public -export enum KnownOperator { - // (undocumented) - AND = "AND", - // (undocumented) - OR = "OR" -} - -// @public -export enum KnownOutputType { - // (undocumented) - Date = "Date", - // (undocumented) - Entity = "Entity", - // (undocumented) - Number = "Number", - // (undocumented) - String = "String" -} - -// @public -export enum KnownOwnerType { - Group = "Group", - Unknown = "Unknown", - User = "User" -} - -// @public -export enum KnownPermissionProviderScope { - // (undocumented) - ResourceGroup = "ResourceGroup", - // (undocumented) - Subscription = "Subscription", - // (undocumented) - Workspace = "Workspace" -} - -// @public -export enum KnownPollingFrequency { - OnceADay = "OnceADay", - OnceAMinute = "OnceAMinute", - OnceAnHour = "OnceAnHour" -} - -// @public -export enum KnownProviderName { - // (undocumented) - MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", - // (undocumented) - MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments", - // (undocumented) - MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", - // (undocumented) - MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", - // (undocumented) - MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", - // (undocumented) - MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys" -} - -// @public -export enum KnownRegistryHive { - HkeyA = "HKEY_A", - HkeyClassesRoot = "HKEY_CLASSES_ROOT", - HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", - HkeyCurrentUser = "HKEY_CURRENT_USER", - HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", - HkeyLocalMachine = "HKEY_LOCAL_MACHINE", - HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", - HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", - HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", - HkeyUsers = "HKEY_USERS" -} - -// @public -export enum KnownRegistryValueKind { - Binary = "Binary", - DWord = "DWord", - ExpandString = "ExpandString", - MultiString = "MultiString", - None = "None", - QWord = "QWord", - String = "String", - Unknown = "Unknown" -} - -// @public -export enum KnownRepoType { - // (undocumented) - DevOps = "DevOps", - // (undocumented) - Github = "Github" -} - -// @public -export enum KnownSettingKind { - // (undocumented) - Anomalies = "Anomalies", - // (undocumented) - EntityAnalytics = "EntityAnalytics", - // (undocumented) - EyesOn = "EyesOn", - // (undocumented) - Ueba = "Ueba" -} - -// @public -export enum KnownSettingType { - // (undocumented) - CopyableLabel = "CopyableLabel", - // (undocumented) - InfoMessage = "InfoMessage", - // (undocumented) - InstructionStepsGroup = "InstructionStepsGroup" -} - -// @public -export enum KnownSkuKind { - // (undocumented) - CapacityReservation = "CapacityReservation", - // (undocumented) - PerGB = "PerGB" -} - -// @public -export enum KnownSource { - // (undocumented) - LocalFile = "Local file", - // (undocumented) - RemoteStorage = "Remote storage" -} - -// @public -export enum KnownSourceKind { - // (undocumented) - Community = "Community", - // (undocumented) - LocalWorkspace = "LocalWorkspace", - // (undocumented) - Solution = "Solution", - // (undocumented) - SourceRepository = "SourceRepository" -} - -// @public -export enum KnownSupportTier { - // (undocumented) - Community = "Community", - // (undocumented) - Microsoft = "Microsoft", - // (undocumented) - Partner = "Partner" -} - -// @public -export enum KnownTemplateStatus { - Available = "Available", - Installed = "Installed", - NotAvailable = "NotAvailable" -} - -// @public -export enum KnownThreatIntelligenceResourceKindEnum { - Indicator = "indicator" -} - -// @public -export enum KnownThreatIntelligenceSortingCriteriaEnum { - // (undocumented) - Ascending = "ascending", - // (undocumented) - Descending = "descending", - // (undocumented) - Unsorted = "unsorted" -} - -// @public -export enum KnownTriggersOn { - Incidents = "Incidents" -} - -// @public -export enum KnownTriggersWhen { - Created = "Created" -} - -// @public -export enum KnownUebaDataSources { - // (undocumented) - AuditLogs = "AuditLogs", - // (undocumented) - AzureActivity = "AzureActivity", - // (undocumented) - SecurityEvent = "SecurityEvent", - // (undocumented) - SigninLogs = "SigninLogs" -} - -// @public -export interface LastDataReceivedDataType { - lastDataReceivedQuery?: string; - name?: string; -} - -// @public -export type MailboxEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly mailboxPrimaryAddress?: string; - readonly displayName?: string; - readonly upn?: string; - readonly externalDirectoryObjectId?: string; -}; - -// @public -export type MailboxEntityProperties = EntityCommonProperties & { - readonly mailboxPrimaryAddress?: string; - readonly displayName?: string; - readonly upn?: string; - readonly externalDirectoryObjectId?: string; -}; - -// @public -export type MailClusterEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly networkMessageIds?: string[]; - readonly countByDeliveryStatus?: Record; - readonly countByThreatType?: Record; - readonly countByProtectionStatus?: Record; - readonly threats?: string[]; - readonly query?: string; - readonly queryTime?: Date; - readonly mailCount?: number; - readonly isVolumeAnomaly?: boolean; - readonly source?: string; - readonly clusterSourceIdentifier?: string; - readonly clusterSourceType?: string; - readonly clusterQueryStartTime?: Date; - readonly clusterQueryEndTime?: Date; - readonly clusterGroup?: string; -}; - -// @public -export type MailClusterEntityProperties = EntityCommonProperties & { - readonly networkMessageIds?: string[]; - readonly countByDeliveryStatus?: Record; - readonly countByThreatType?: Record; - readonly countByProtectionStatus?: Record; - readonly threats?: string[]; - readonly query?: string; - readonly queryTime?: Date; - readonly mailCount?: number; - readonly isVolumeAnomaly?: boolean; - readonly source?: string; - readonly clusterSourceIdentifier?: string; - readonly clusterSourceType?: string; - readonly clusterQueryStartTime?: Date; - readonly clusterQueryEndTime?: Date; - readonly clusterGroup?: string; -}; - -// @public -export type MailMessageEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly fileEntityIds?: string[]; - readonly recipient?: string; - readonly urls?: string[]; - readonly threats?: string[]; - readonly p1Sender?: string; - readonly p1SenderDisplayName?: string; - readonly p1SenderDomain?: string; - readonly senderIP?: string; - readonly p2Sender?: string; - readonly p2SenderDisplayName?: string; - readonly p2SenderDomain?: string; - readonly receiveDate?: Date; - readonly networkMessageId?: string; - readonly internetMessageId?: string; - readonly subject?: string; - readonly language?: string; - readonly threatDetectionMethods?: string[]; - bodyFingerprintBin1?: number; - bodyFingerprintBin2?: number; - bodyFingerprintBin3?: number; - bodyFingerprintBin4?: number; - bodyFingerprintBin5?: number; - antispamDirection?: AntispamMailDirection; - deliveryAction?: DeliveryAction; - deliveryLocation?: DeliveryLocation; -}; - -// @public -export type MailMessageEntityProperties = EntityCommonProperties & { - readonly fileEntityIds?: string[]; - readonly recipient?: string; - readonly urls?: string[]; - readonly threats?: string[]; - readonly p1Sender?: string; - readonly p1SenderDisplayName?: string; - readonly p1SenderDomain?: string; - readonly senderIP?: string; - readonly p2Sender?: string; - readonly p2SenderDisplayName?: string; - readonly p2SenderDomain?: string; - readonly receiveDate?: Date; - readonly networkMessageId?: string; - readonly internetMessageId?: string; - readonly subject?: string; - readonly language?: string; - readonly threatDetectionMethods?: string[]; - bodyFingerprintBin1?: number; - bodyFingerprintBin2?: number; - bodyFingerprintBin3?: number; - bodyFingerprintBin4?: number; - bodyFingerprintBin5?: number; - antispamDirection?: AntispamMailDirection; - deliveryAction?: DeliveryAction; - deliveryLocation?: DeliveryLocation; -}; - -// @public -export type MalwareEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly category?: string; - readonly fileEntityIds?: string[]; - readonly malwareName?: string; - readonly processEntityIds?: string[]; -}; - -// @public -export type MalwareEntityProperties = EntityCommonProperties & { - readonly category?: string; - readonly fileEntityIds?: string[]; - readonly malwareName?: string; - readonly processEntityIds?: string[]; -}; - -// @public -export type MatchingMethod = string; - -// @public -export type McasCheckRequirements = DataConnectorsCheckRequirements & { - kind: "MicrosoftCloudAppSecurity"; - tenantId?: string; -}; - -// @public -export type McasCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type McasDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: McasDataConnectorDataTypes; -}; - -// @public -export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { - discoveryLogs?: DataConnectorDataTypeCommon; -}; - -// @public -export type McasDataConnectorProperties = DataConnectorTenantId & { - dataTypes: McasDataConnectorDataTypes; -}; - -// @public -export type MdatpCheckRequirements = DataConnectorsCheckRequirements & { - kind: "MicrosoftDefenderAdvancedThreatProtection"; - tenantId?: string; -}; - -// @public -export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type MdatpDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -// @public -export type MdatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; - -// @public -export interface Metadata { - create(resourceGroupName: string, workspaceName: string, metadataName: string, metadata: MetadataModel, options?: MetadataCreateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: MetadataListOptionalParams): PagedAsyncIterableIterator; - update(resourceGroupName: string, workspaceName: string, metadataName: string, metadataPatch: MetadataPatch, options?: MetadataUpdateOptionalParams): Promise; -} - -// @public -export interface MetadataAuthor { - email?: string; - link?: string; - name?: string; -} - -// @public -export interface MetadataCategories { - domains?: string[]; - verticals?: string[]; -} - -// @public -export interface MetadataCreateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataCreateResponse = MetadataModel; - -// @public -export interface MetadataDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface MetadataDependencies { - contentId?: string; - criteria?: MetadataDependencies[]; - kind?: Kind; - name?: string; - operator?: Operator; - version?: string; -} - -// @public -export interface MetadataGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataGetResponse = MetadataModel; - -// @public -export interface MetadataList { - readonly nextLink?: string; - value: MetadataModel[]; -} - -// @public -export interface MetadataListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skip?: number; - top?: number; -} - -// @public -export type MetadataListNextResponse = MetadataList; - -// @public -export interface MetadataListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skip?: number; - top?: number; -} - -// @public -export type MetadataListResponse = MetadataList; - -// @public -export type MetadataModel = ResourceWithEtag & { - contentId?: string; - parentId?: string; - version?: string; - kind?: Kind; - source?: MetadataSource; - author?: MetadataAuthor; - support?: MetadataSupport; - dependencies?: MetadataDependencies; - categories?: MetadataCategories; - providers?: string[]; - firstPublishDate?: Date; - lastPublishDate?: Date; -}; - -// @public -export type MetadataPatch = ResourceWithEtag & { - contentId?: string; - parentId?: string; - version?: string; - kind?: Kind; - source?: MetadataSource; - author?: MetadataAuthor; - support?: MetadataSupport; - dependencies?: MetadataDependencies; - categories?: MetadataCategories; - providers?: string[]; - firstPublishDate?: Date; - lastPublishDate?: Date; -}; - -// @public -export interface MetadataSource { - kind: SourceKind; - name?: string; - sourceId?: string; -} - -// @public -export interface MetadataSupport { - email?: string; - link?: string; - name?: string; - tier: SupportTier; -} - -// @public -export interface MetadataUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataUpdateResponse = MetadataModel; - -// @public -export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { - displayNamesFilter?: string[]; - displayNamesExcludeFilter?: string[]; - productFilter?: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; - alertRuleTemplateName?: string; - description?: string; - displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; -}; - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { - displayNamesExcludeFilter?: string[]; - displayNamesFilter?: string[]; - productFilter: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; -} - -// @public -export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { - alertRuleTemplateName?: string; - description?: string; - displayName: string; - enabled: boolean; - readonly lastModifiedUtc?: Date; -}; - -// @public -export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - displayNamesFilter?: string[]; - displayNamesExcludeFilter?: string[]; - productFilter?: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; -}; - -// @public -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; - -// @public -export type MicrosoftSecurityProductName = string; - -// @public -export type MLBehaviorAnalyticsAlertRule = AlertRule & { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - readonly severity?: AlertSeverity; - readonly tactics?: AttackTactic[]; -}; - -// @public -export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - severity?: AlertSeverity; - tactics?: AttackTactic[]; -}; - -// @public -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - severity: AlertSeverity; - tactics?: AttackTactic[]; -}; - -// @public -export type MstiCheckRequirements = DataConnectorsCheckRequirements & { - kind: "MicrosoftThreatIntelligence"; - tenantId?: string; -}; - -// @public -export type MstiCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type MstiDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: MstiDataConnectorDataTypes; -}; - -// @public -export interface MstiDataConnectorDataTypes { - bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; - microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; -} - -// @public -export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & { - lookbackPeriod: string; -}; - -// @public -export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & { - lookbackPeriod: string; -}; - -// @public -export type MstiDataConnectorProperties = DataConnectorTenantId & { - dataTypes: MstiDataConnectorDataTypes; -}; - -// @public -export type MtpCheckRequirements = DataConnectorsCheckRequirements & { - kind: "MicrosoftThreatProtection"; - tenantId?: string; -}; - -// @public -export type MTPCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type MTPDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: MTPDataConnectorDataTypes; -}; - -// @public -export interface MTPDataConnectorDataTypes { - incidents: MTPDataConnectorDataTypesIncidents; -} - -// @public -export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {}; - -// @public -export type MTPDataConnectorProperties = DataConnectorTenantId & { - dataTypes: MTPDataConnectorDataTypes; -}; - -// @public -export type NrtAlertRule = AlertRule & { - alertRuleTemplateName?: string; - templateVersion?: string; - description?: string; - query?: string; - displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - suppressionDuration?: string; - suppressionEnabled?: boolean; - severity?: AlertSeverity; - tactics?: AttackTactic[]; - incidentConfiguration?: IncidentConfiguration; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - alertDetailsOverride?: AlertDetailsOverride; -}; - -// @public -export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; - -// @public -export type NrtAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - query?: string; - severity?: AlertSeverity; - tactics?: AttackTactic[]; - version?: string; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - alertDetailsOverride?: AlertDetailsOverride; -}; - -// @public -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {}; - -// @public -export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { - kind: "OfficeATP"; - tenantId?: string; -}; - -// @public -export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type OfficeATPDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -// @public -export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; - -// @public -export type OfficeConsent = Resource & { - tenantId?: string; - consentId?: string; -}; - -// @public -export interface OfficeConsentList { - readonly nextLink?: string; - value: OfficeConsent[]; -} - -// @public -export interface OfficeConsents { - delete(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: OfficeConsentsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface OfficeConsentsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface OfficeConsentsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type OfficeConsentsGetResponse = OfficeConsent; - -// @public -export interface OfficeConsentsListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type OfficeConsentsListNextResponse = OfficeConsentList; - -// @public -export interface OfficeConsentsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type OfficeConsentsListResponse = OfficeConsentList; - -// @public -export type OfficeDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: OfficeDataConnectorDataTypes; -}; - -// @public -export interface OfficeDataConnectorDataTypes { - exchange: OfficeDataConnectorDataTypesExchange; - sharePoint: OfficeDataConnectorDataTypesSharePoint; - teams: OfficeDataConnectorDataTypesTeams; -} - -// @public -export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; - -// @public -export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; - -// @public -export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; - -// @public -export type OfficeDataConnectorProperties = DataConnectorTenantId & { - dataTypes: OfficeDataConnectorDataTypes; -}; - -// @public -export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { - kind: "OfficeIRM"; - tenantId?: string; -}; - -// @public -export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; - -// @public -export type OfficeIRMDataConnector = DataConnector & { - tenantId?: string; - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -// @public -export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; - -// @public -export interface Operation { - display?: OperationDisplay; - isDataAction?: boolean; - name?: string; - origin?: string; -} - -// @public -export interface OperationDisplay { - description?: string; - operation?: string; - provider?: string; - resource?: string; -} - -// @public -export interface Operations { - list(options?: OperationsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface OperationsList { - readonly nextLink?: string; - value: Operation[]; -} - -// @public -export interface OperationsListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type OperationsListNextResponse = OperationsList; - -// @public -export interface OperationsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type OperationsListResponse = OperationsList; - -// @public -export type Operator = string; - -// @public -export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown"; - -// @public -export type OutputType = string; - -// @public -export type OwnerType = string; - -// @public -export type PermissionProviderScope = string; - -// @public -interface Permissions_2 { - customs?: PermissionsCustomsItem[]; - resourceProvider?: PermissionsResourceProviderItem[]; -} -export { Permissions_2 as Permissions } - -// @public (undocumented) -export type PermissionsCustomsItem = Customs & {}; - -// @public (undocumented) -export type PermissionsResourceProviderItem = ResourceProvider & {}; - -// @public -export type PollingFrequency = string; - -// @public -export type ProcessEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly accountEntityId?: string; - readonly commandLine?: string; - readonly creationTimeUtc?: Date; - elevationToken?: ElevationToken; - readonly hostEntityId?: string; - readonly hostLogonSessionEntityId?: string; - readonly imageFileEntityId?: string; - readonly parentProcessEntityId?: string; - readonly processId?: string; -}; - -// @public -export type ProcessEntityProperties = EntityCommonProperties & { - readonly accountEntityId?: string; - readonly commandLine?: string; - readonly creationTimeUtc?: Date; - elevationToken?: ElevationToken; - readonly hostEntityId?: string; - readonly hostLogonSessionEntityId?: string; - readonly imageFileEntityId?: string; - readonly parentProcessEntityId?: string; - readonly processId?: string; -}; - -// @public -export interface ProductSettings { - delete(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: ProductSettingsListOptionalParams): Promise; - update(resourceGroupName: string, workspaceName: string, settingsName: string, settings: SettingsUnion, options?: ProductSettingsUpdateOptionalParams): Promise; -} - -// @public -export interface ProductSettingsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface ProductSettingsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsGetResponse = SettingsUnion; - -// @public -export interface ProductSettingsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsListResponse = SettingList; - -// @public -export interface ProductSettingsUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsUpdateResponse = SettingsUnion; - -// @public -export type ProviderName = string; - -// @public -export interface QueryBasedAlertRuleProperties { - alertDetailsOverride?: AlertDetailsOverride; - alertRuleTemplateName?: string; - customDetails?: { - [propertyName: string]: string; - }; - description?: string; - displayName: string; - enabled: boolean; - entityMappings?: EntityMapping[]; - incidentConfiguration?: IncidentConfiguration; - readonly lastModifiedUtc?: Date; - query?: string; - severity?: AlertSeverity; - suppressionDuration: string; - suppressionEnabled: boolean; - tactics?: AttackTactic[]; - templateVersion?: string; -} - -// @public -export interface QueryBasedAlertRuleTemplateProperties { - alertDetailsOverride?: AlertDetailsOverride; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - query?: string; - severity?: AlertSeverity; - tactics?: AttackTactic[]; - version?: string; -} - -// @public -export type RegistryHive = string; - -// @public -export type RegistryKeyEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly hive?: RegistryHive; - readonly key?: string; -}; - -// @public -export type RegistryKeyEntityProperties = EntityCommonProperties & { - readonly hive?: RegistryHive; - readonly key?: string; -}; - -// @public -export type RegistryValueEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly keyEntityId?: string; - readonly valueData?: string; - readonly valueName?: string; - readonly valueType?: RegistryValueKind; -}; - -// @public -export type RegistryValueEntityProperties = EntityCommonProperties & { - readonly keyEntityId?: string; - readonly valueData?: string; - readonly valueName?: string; - readonly valueType?: RegistryValueKind; -}; - -// @public -export type RegistryValueKind = string; - -// @public -export type Relation = ResourceWithEtag & { - relatedResourceId?: string; - readonly relatedResourceName?: string; - readonly relatedResourceType?: string; - readonly relatedResourceKind?: string; -}; - -// @public -export interface RelationList { - readonly nextLink?: string; - value: Relation[]; -} - -// @public -export interface Repo { - branches?: string[]; - fullName?: string; - url?: string; -} - -// @public -export interface RepoList { - readonly nextLink?: string; - value: Repo[]; -} - -// @public -export interface Repository { - branch?: string; - deploymentLogsUrl?: string; - displayUrl?: string; - pathMapping?: ContentPathMap[]; - url?: string; -} - -// @public -export type RepoType = string; - -// @public -export interface RequiredPermissions { - action?: boolean; - delete?: boolean; - read?: boolean; - write?: boolean; -} - -// @public -export interface Resource { - readonly id?: string; - readonly name?: string; - readonly systemData?: SystemData; - readonly type?: string; -} - -// @public -export interface ResourceProvider { - permissionsDisplayText?: string; - provider?: ProviderName; - providerDisplayName?: string; - requiredPermissions?: RequiredPermissions; - scope?: PermissionProviderScope; -} - -// @public -export type ResourceWithEtag = Resource & { - etag?: string; -}; - -// @public -export interface SampleQueries { - description?: string; - query?: string; -} - -// @public -export type ScheduledAlertRule = AlertRule & { - queryFrequency?: string; - queryPeriod?: string; - triggerOperator?: TriggerOperator; - triggerThreshold?: number; - eventGroupingSettings?: EventGroupingSettings; - alertRuleTemplateName?: string; - templateVersion?: string; - description?: string; - query?: string; - displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - suppressionDuration?: string; - suppressionEnabled?: boolean; - severity?: AlertSeverity; - tactics?: AttackTactic[]; - incidentConfiguration?: IncidentConfiguration; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - alertDetailsOverride?: AlertDetailsOverride; -}; - -// @public -export interface ScheduledAlertRuleCommonProperties { - eventGroupingSettings?: EventGroupingSettings; - queryFrequency?: string; - queryPeriod?: string; - triggerOperator?: TriggerOperator; - triggerThreshold?: number; -} - -// @public -export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & QueryBasedAlertRuleProperties & {}; - -// @public -export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - query?: string; - severity?: AlertSeverity; - tactics?: AttackTactic[]; - version?: string; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - alertDetailsOverride?: AlertDetailsOverride; - queryFrequency?: string; - queryPeriod?: string; - triggerOperator?: TriggerOperator; - triggerThreshold?: number; - eventGroupingSettings?: EventGroupingSettings; -}; - -// @public -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; - -// @public -export type SecurityAlert = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly alertDisplayName?: string; - readonly alertType?: string; - readonly compromisedEntity?: string; - readonly confidenceLevel?: ConfidenceLevel; - readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; - readonly confidenceScore?: number; - readonly confidenceScoreStatus?: ConfidenceScoreStatus; - readonly description?: string; - readonly endTimeUtc?: Date; - readonly intent?: KillChainIntent; - readonly providerAlertId?: string; - readonly processingEndTime?: Date; - readonly productComponentName?: string; - readonly productName?: string; - readonly productVersion?: string; - readonly remediationSteps?: string[]; - severity?: AlertSeverity; - readonly startTimeUtc?: Date; - readonly status?: AlertStatus; - readonly systemAlertId?: string; - readonly tactics?: AttackTactic[]; - readonly timeGenerated?: Date; - readonly vendorName?: string; - readonly alertLink?: string; - readonly resourceIdentifiers?: Record[]; -}; - -// @public -export type SecurityAlertProperties = EntityCommonProperties & { - readonly alertDisplayName?: string; - readonly alertType?: string; - readonly compromisedEntity?: string; - readonly confidenceLevel?: ConfidenceLevel; - readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; - readonly confidenceScore?: number; - readonly confidenceScoreStatus?: ConfidenceScoreStatus; - readonly description?: string; - readonly endTimeUtc?: Date; - readonly intent?: KillChainIntent; - readonly providerAlertId?: string; - readonly processingEndTime?: Date; - readonly productComponentName?: string; - readonly productName?: string; - readonly productVersion?: string; - readonly remediationSteps?: string[]; - severity?: AlertSeverity; - readonly startTimeUtc?: Date; - readonly status?: AlertStatus; - readonly systemAlertId?: string; - readonly tactics?: AttackTactic[]; - readonly timeGenerated?: Date; - readonly vendorName?: string; - readonly alertLink?: string; - readonly resourceIdentifiers?: Record[]; -}; - -// @public -export interface SecurityAlertPropertiesConfidenceReasonsItem { - readonly reason?: string; - readonly reasonType?: string; -} - -// @public -export type SecurityAlertTimelineItem = EntityTimelineItem & { - kind: "SecurityAlert"; - azureResourceId: string; - productName?: string; - description?: string; - displayName: string; - severity: AlertSeverity; - endTimeUtc: Date; - startTimeUtc: Date; - timeGenerated: Date; - alertType: string; -}; - -// @public -export type SecurityGroupEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly distinguishedName?: string; - readonly objectGuid?: string; - readonly sid?: string; -}; - -// @public -export type SecurityGroupEntityProperties = EntityCommonProperties & { - readonly distinguishedName?: string; - readonly objectGuid?: string; - readonly sid?: string; -}; - -// @public (undocumented) -export class SecurityInsights extends coreClient.ServiceClient { - // (undocumented) - $host: string; - constructor(credentials: coreAuth.TokenCredential, subscriptionId: string, options?: SecurityInsightsOptionalParams); - // (undocumented) - actions: Actions; - // (undocumented) - alertRules: AlertRules; - // (undocumented) - alertRuleTemplates: AlertRuleTemplates; - // (undocumented) - apiVersion: string; - // (undocumented) - automationRules: AutomationRules; - // (undocumented) - bookmarkOperations: BookmarkOperations; - // (undocumented) - bookmarkRelations: BookmarkRelations; - // (undocumented) - bookmarks: Bookmarks; - // (undocumented) - dataConnectors: DataConnectors; - // (undocumented) - dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; - // (undocumented) - domainWhois: DomainWhois; - // (undocumented) - entities: Entities; - // (undocumented) - entitiesGetTimeline: EntitiesGetTimeline; - // (undocumented) - entitiesRelations: EntitiesRelations; - // (undocumented) - entityQueries: EntityQueries; - // (undocumented) - entityQueryTemplates: EntityQueryTemplates; - // (undocumented) - entityRelations: EntityRelations; - // (undocumented) - incidentComments: IncidentComments; - // (undocumented) - incidentRelations: IncidentRelations; - // (undocumented) - incidents: Incidents; - // (undocumented) - iPGeodata: IPGeodata; - // (undocumented) - metadata: Metadata; - // (undocumented) - officeConsents: OfficeConsents; - // (undocumented) - operations: Operations; - // (undocumented) - productSettings: ProductSettings; - // (undocumented) - sentinelOnboardingStates: SentinelOnboardingStates; - // (undocumented) - sourceControlOperations: SourceControlOperations; - // (undocumented) - sourceControls: SourceControls; - // (undocumented) - subscriptionId: string; - // (undocumented) - threatIntelligenceIndicator: ThreatIntelligenceIndicator; - // (undocumented) - threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; - // (undocumented) - threatIntelligenceIndicators: ThreatIntelligenceIndicators; - // (undocumented) - watchlistItems: WatchlistItems; - // (undocumented) - watchlists: Watchlists; -} - -// @public -export interface SecurityInsightsOptionalParams extends coreClient.ServiceClientOptions { - $host?: string; - apiVersion?: string; - endpoint?: string; -} - -// @public -export type SentinelOnboardingState = ResourceWithEtag & { - customerManagedKey?: boolean; -}; - -// @public -export interface SentinelOnboardingStates { - create(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesCreateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: SentinelOnboardingStatesListOptionalParams): Promise; -} - -// @public -export interface SentinelOnboardingStatesCreateOptionalParams extends coreClient.OperationOptions { - sentinelOnboardingStateParameter?: SentinelOnboardingState; -} - -// @public -export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; - -// @public -export interface SentinelOnboardingStatesDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; - -// @public -export interface SentinelOnboardingStatesList { - value: SentinelOnboardingState[]; -} - -// @public -export interface SentinelOnboardingStatesListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; - -// @public -export type SettingKind = string; - -// @public -export interface SettingList { - value: SettingsUnion[]; -} - -// @public -export type Settings = ResourceWithEtag & { - kind: SettingKind; -}; - -// @public (undocumented) -export type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba; - -// @public -export type SettingType = string; - -// @public -export interface Sku { - capacityReservationLevel?: number; - name?: SkuKind; -} - -// @public -export type SkuKind = string; - -// @public -export type Source = string; - -// @public -export type SourceControl = ResourceWithEtag & { - idPropertiesId?: string; - displayName?: string; +export type Incident = ResourceWithEtag & { + readonly additionalData?: IncidentAdditionalData; + classification?: IncidentClassification; + classificationComment?: string; + classificationReason?: IncidentClassificationReason; + readonly createdTimeUtc?: Date; description?: string; - repoType?: RepoType; - contentTypes?: ContentType[]; - repository?: Repository; + firstActivityTimeUtc?: Date; + readonly incidentUrl?: string; + readonly incidentNumber?: number; + labels?: IncidentLabel[]; + lastActivityTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; + owner?: IncidentOwnerInfo; + readonly relatedAnalyticRuleIds?: string[]; + severity?: IncidentSeverity; + status?: IncidentStatus; + title?: string; }; // @public -export interface SourceControlList { - readonly nextLink?: string; - value: SourceControl[]; -} - -// @public -export interface SourceControlListRepositoriesNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SourceControlListRepositoriesNextResponse = RepoList; - -// @public -export interface SourceControlListRepositoriesOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SourceControlListRepositoriesResponse = RepoList; - -// @public -export interface SourceControlOperations { - listRepositories(resourceGroupName: string, workspaceName: string, repoType: RepoType, options?: SourceControlListRepositoriesOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface SourceControls { - create(resourceGroupName: string, workspaceName: string, sourceControlId: string, sourceControl: SourceControl, options?: SourceControlsCreateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: SourceControlsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface SourceControlsCreateOptionalParams extends coreClient.OperationOptions { +export interface IncidentAdditionalData { + readonly alertProductNames?: string[]; + readonly alertsCount?: number; + readonly bookmarksCount?: number; + readonly commentsCount?: number; + readonly tactics?: AttackTactic[]; } // @public -export type SourceControlsCreateResponse = SourceControl; - -// @public -export interface SourceControlsDeleteOptionalParams extends coreClient.OperationOptions { -} +export type IncidentClassification = string; // @public -export interface SourceControlsGetOptionalParams extends coreClient.OperationOptions { -} +export type IncidentClassificationReason = string; // @public -export type SourceControlsGetResponse = SourceControl; +export type IncidentComment = Resource & { + readonly createdTimeUtc?: Date; + message?: string; + readonly author?: ClientInfo; +}; // @public -export interface SourceControlsListNextOptionalParams extends coreClient.OperationOptions { +export interface IncidentCommentList { + readonly nextLink?: string; + value: IncidentComment[]; } // @public -export type SourceControlsListNextResponse = SourceControlList; - -// @public -export interface SourceControlsListOptionalParams extends coreClient.OperationOptions { +export interface IncidentComments { + createComment(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateCommentOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise; + listByIncident(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListByIncidentOptionalParams): PagedAsyncIterableIterator; } // @public -export type SourceControlsListResponse = SourceControlList; - -// @public -export type SourceKind = string; - -// @public -export type SubmissionMailEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly networkMessageId?: string; - readonly submissionId?: string; - readonly submitter?: string; - readonly submissionDate?: Date; - readonly timestamp?: Date; - readonly recipient?: string; - readonly sender?: string; - readonly senderIp?: string; - readonly subject?: string; - readonly reportType?: string; -}; - -// @public -export type SubmissionMailEntityProperties = EntityCommonProperties & { - readonly networkMessageId?: string; - readonly submissionId?: string; - readonly submitter?: string; - readonly submissionDate?: Date; - readonly timestamp?: Date; - readonly recipient?: string; - readonly sender?: string; - readonly senderIp?: string; - readonly subject?: string; - readonly reportType?: string; -}; - -// @public -export type SupportTier = string; - -// @public -export interface SystemData { - createdAt?: Date; - createdBy?: string; - createdByType?: CreatedByType; - lastModifiedAt?: Date; - lastModifiedBy?: string; - lastModifiedByType?: CreatedByType; +export interface IncidentCommentsCreateCommentOptionalParams extends coreClient.OperationOptions { } // @public -export interface TeamInformation { - readonly description?: string; - readonly name?: string; - readonly primaryChannelUrl?: string; - readonly teamCreationTimeUtc?: Date; - readonly teamId?: string; -} +export type IncidentCommentsCreateCommentResponse = IncidentComment; // @public -export interface TeamProperties { - groupIds?: string[]; - memberIds?: string[]; - teamDescription?: string; - teamName: string; +export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions { } // @public -export type TemplateStatus = string; +export type IncidentCommentsGetResponse = IncidentComment; // @public -export interface ThreatIntelligence { - readonly confidence?: number; - readonly providerName?: string; - readonly reportLink?: string; - readonly threatDescription?: string; - readonly threatName?: string; - readonly threatType?: string; +export interface IncidentCommentsListByIncidentNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export type ThreatIntelligenceAlertRule = AlertRule & { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - readonly severity?: AlertSeverity; - readonly tactics?: AttackTactic[]; -}; +export type IncidentCommentsListByIncidentNextResponse = IncidentCommentList; // @public -export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { - alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; - severity?: AlertSeverity; - tactics?: AttackTactic[]; -}; +export interface IncidentCommentsListByIncidentOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} // @public -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - severity: AlertSeverity; - tactics?: AttackTactic[]; -}; +export type IncidentCommentsListByIncidentResponse = IncidentCommentList; // @public -export interface ThreatIntelligenceAppendTags { - threatIntelligenceTags?: string[]; +export interface IncidentInfo { + incidentId?: string; + relationName?: string; + severity?: CaseSeverity; + title?: string; } // @public -export interface ThreatIntelligenceExternalReference { - description?: string; - externalId?: string; - hashes?: { - [propertyName: string]: string; - }; - sourceName?: string; - url?: string; +export interface IncidentLabel { + labelName: string; + readonly labelType?: IncidentLabelType; } // @public -export interface ThreatIntelligenceFilteringCriteria { - ids?: string[]; - includeDisabled?: boolean; - keywords?: string[]; - maxConfidence?: number; - maxValidUntil?: string; - minConfidence?: number; - minValidUntil?: string; - pageSize?: number; - patternTypes?: string[]; - skipToken?: string; - sortBy?: ThreatIntelligenceSortingCriteria[]; - sources?: string[]; - threatTypes?: string[]; -} +export type IncidentLabelType = string; // @public -export interface ThreatIntelligenceGranularMarkingModel { - language?: string; - markingRef?: number; - selectors?: string[]; +export interface IncidentList { + readonly nextLink?: string; + value: Incident[]; } // @public -export interface ThreatIntelligenceIndicator { - appendTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams): Promise; - create(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateOptionalParams): Promise; - createIndicator(resourceGroupName: string, workspaceName: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorGetOptionalParams): Promise; - listQueryIndicators(resourceGroupName: string, workspaceName: string, threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams): PagedAsyncIterableIterator; - replaceTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams): Promise; +export interface IncidentOwnerInfo { + assignedTo?: string; + email?: string; + objectId?: string; + userPrincipalName?: string; } // @public -export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams extends coreClient.OperationOptions { +export interface Incidents { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; } // @public -export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions { +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } // @public -export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion; +export type IncidentsCreateOrUpdateResponse = Incident; // @public -export interface ThreatIntelligenceIndicatorCreateOptionalParams extends coreClient.OperationOptions { +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion; - -// @public -export interface ThreatIntelligenceIndicatorDeleteOptionalParams extends coreClient.OperationOptions { -} +export type IncidentSeverity = string; // @public -export interface ThreatIntelligenceIndicatorGetOptionalParams extends coreClient.OperationOptions { +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions { } // @public -export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion; - -// @public -export interface ThreatIntelligenceIndicatorMetrics { - list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorMetricsListOptionalParams): Promise; -} +export type IncidentsGetResponse = Incident; // @public -export interface ThreatIntelligenceIndicatorMetricsListOptionalParams extends coreClient.OperationOptions { +export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; +export type IncidentsListNextResponse = IncidentList; // @public -export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - threatIntelligenceTags?: string[]; - lastUpdatedTimeUtc?: string; - source?: string; - displayName?: string; - description?: string; - indicatorTypes?: string[]; - pattern?: string; - patternType?: string; - patternVersion?: string; - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - parsedPattern?: ThreatIntelligenceParsedPattern[]; - externalId?: string; - createdByRef?: string; - defanged?: boolean; - externalLastUpdatedTimeUtc?: string; - externalReferences?: ThreatIntelligenceExternalReference[]; - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - labels?: string[]; - revoked?: boolean; - confidence?: number; - objectMarkingRefs?: string[]; - language?: string; - threatTypes?: string[]; - validFrom?: string; - validUntil?: string; - created?: string; - modified?: string; - extensions?: { - [propertyName: string]: any; - }; -}; +export interface IncidentsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} // @public -export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { - etag?: string; - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - threatIntelligenceTags?: string[]; - lastUpdatedTimeUtc?: string; - source?: string; - displayName?: string; - description?: string; - indicatorTypes?: string[]; - pattern?: string; - patternType?: string; - patternVersion?: string; - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - parsedPattern?: ThreatIntelligenceParsedPattern[]; - externalId?: string; - createdByRef?: string; - defanged?: boolean; - externalLastUpdatedTimeUtc?: string; - externalReferences?: ThreatIntelligenceExternalReference[]; - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - labels?: string[]; - revoked?: boolean; - confidence?: number; - objectMarkingRefs?: string[]; - language?: string; - threatTypes?: string[]; - validFrom?: string; - validUntil?: string; - created?: string; - modified?: string; - extensions?: { - [propertyName: string]: any; - }; -}; +export type IncidentsListResponse = IncidentList; // @public -export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { - threatIntelligenceTags?: string[]; - lastUpdatedTimeUtc?: string; - source?: string; - displayName?: string; - description?: string; - indicatorTypes?: string[]; - pattern?: string; - patternType?: string; - patternVersion?: string; - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - parsedPattern?: ThreatIntelligenceParsedPattern[]; - externalId?: string; - createdByRef?: string; - defanged?: boolean; - externalLastUpdatedTimeUtc?: string; - externalReferences?: ThreatIntelligenceExternalReference[]; - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - labels?: string[]; - revoked?: boolean; - confidence?: number; - objectMarkingRefs?: string[]; - language?: string; - threatTypes?: string[]; - validFrom?: string; - validUntil?: string; - created?: string; - modified?: string; - extensions?: { - [propertyName: string]: any; - }; -}; +export type IncidentStatus = string; // @public -export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams extends coreClient.OperationOptions { +export enum KnownAlertRuleKind { + // (undocumented) + Fusion = "Fusion", + // (undocumented) + MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", + // (undocumented) + Scheduled = "Scheduled" } // @public -export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList; - -// @public -export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams extends coreClient.OperationOptions { +export enum KnownAlertSeverity { + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" } // @public -export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList; - -// @public -export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams extends coreClient.OperationOptions { +export enum KnownAttackTactic { + // (undocumented) + Collection = "Collection", + // (undocumented) + CommandAndControl = "CommandAndControl", + // (undocumented) + CredentialAccess = "CredentialAccess", + // (undocumented) + DefenseEvasion = "DefenseEvasion", + // (undocumented) + Discovery = "Discovery", + // (undocumented) + Execution = "Execution", + // (undocumented) + Exfiltration = "Exfiltration", + // (undocumented) + Impact = "Impact", + // (undocumented) + InitialAccess = "InitialAccess", + // (undocumented) + LateralMovement = "LateralMovement", + // (undocumented) + Persistence = "Persistence", + // (undocumented) + PrivilegeEscalation = "PrivilegeEscalation" } // @public -export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion; - -// @public -export interface ThreatIntelligenceIndicators { - list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorsListOptionalParams): PagedAsyncIterableIterator; +export enum KnownCaseSeverity { + Critical = "Critical", + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" } // @public -export interface ThreatIntelligenceIndicatorsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; +export enum KnownDataConnectorKind { + // (undocumented) + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + // (undocumented) + AzureActiveDirectory = "AzureActiveDirectory", + // (undocumented) + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + // (undocumented) + AzureSecurityCenter = "AzureSecurityCenter", + // (undocumented) + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + // (undocumented) + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", + // (undocumented) + Office365 = "Office365", + // (undocumented) + ThreatIntelligence = "ThreatIntelligence" } // @public -export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList; - -// @public -export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; +export enum KnownDataTypeState { + // (undocumented) + Disabled = "Disabled", + // (undocumented) + Enabled = "Enabled" } // @public -export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; - -// @public -export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {}; - -// @public -export interface ThreatIntelligenceInformationList { - readonly nextLink?: string; - value: ThreatIntelligenceInformationUnion[]; +export enum KnownIncidentClassification { + BenignPositive = "BenignPositive", + FalsePositive = "FalsePositive", + TruePositive = "TruePositive", + Undetermined = "Undetermined" } -// @public (undocumented) -export type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel; - // @public -export interface ThreatIntelligenceKillChainPhase { - killChainName?: string; - phaseName?: string; +export enum KnownIncidentClassificationReason { + InaccurateData = "InaccurateData", + IncorrectAlertLogic = "IncorrectAlertLogic", + SuspiciousActivity = "SuspiciousActivity", + SuspiciousButExpected = "SuspiciousButExpected" } // @public -export interface ThreatIntelligenceMetric { - lastUpdatedTimeUtc?: string; - patternTypeMetrics?: ThreatIntelligenceMetricEntity[]; - sourceMetrics?: ThreatIntelligenceMetricEntity[]; - threatTypeMetrics?: ThreatIntelligenceMetricEntity[]; +export enum KnownIncidentLabelType { + System = "System", + User = "User" } // @public -export interface ThreatIntelligenceMetricEntity { - metricName?: string; - metricValue?: number; +export enum KnownIncidentSeverity { + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" } // @public -export interface ThreatIntelligenceMetrics { - properties?: ThreatIntelligenceMetric; +export enum KnownIncidentStatus { + Active = "Active", + Closed = "Closed", + New = "New" } // @public -export interface ThreatIntelligenceMetricsList { - value: ThreatIntelligenceMetrics[]; +export enum KnownLicenseStatus { + // (undocumented) + Disabled = "Disabled", + // (undocumented) + Enabled = "Enabled" } // @public -export interface ThreatIntelligenceParsedPattern { - patternTypeKey?: string; - patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[]; +export enum KnownMicrosoftSecurityProductName { + // (undocumented) + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + // (undocumented) + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + // (undocumented) + AzureSecurityCenter = "Azure Security Center", + // (undocumented) + AzureSecurityCenterForIoT = "Azure Security Center for IoT", + // (undocumented) + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security" } // @public -export interface ThreatIntelligenceParsedPatternTypeValue { - value?: string; - valueType?: string; +export enum KnownSettingKind { + // (undocumented) + ToggleSettings = "ToggleSettings", + // (undocumented) + UebaSettings = "UebaSettings" } // @public -export interface ThreatIntelligenceResourceKind { - kind: ThreatIntelligenceResourceKindEnum; +export enum KnownStatusInMcas { + // (undocumented) + Disabled = "Disabled", + // (undocumented) + Enabled = "Enabled" } // @public -export type ThreatIntelligenceResourceKindEnum = string; - -// @public -export interface ThreatIntelligenceSortingCriteria { - itemKey?: string; - sortOrder?: ThreatIntelligenceSortingCriteriaEnum; +export enum KnownTemplateStatus { + Available = "Available", + Installed = "Installed", + NotAvailable = "NotAvailable" } // @public -export type ThreatIntelligenceSortingCriteriaEnum = string; +export type LicenseStatus = string; // @public -export type TICheckRequirements = DataConnectorsCheckRequirements & { - kind: "ThreatIntelligence"; +export type McasDataConnector = DataConnector & { tenantId?: string; + dataTypes?: McasDataConnectorDataTypes; }; // @public -export type TICheckRequirementsProperties = DataConnectorTenantId & {}; +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { + discoveryLogs?: DataConnectorDataTypeCommon; +}; // @public -export type TIDataConnector = DataConnector & { +export type MdatpDataConnector = DataConnector & { tenantId?: string; - tipLookbackPeriod?: Date; - dataTypes?: TIDataConnectorDataTypes; + dataTypes?: AlertsDataTypeOfDataConnector; }; // @public -export interface TIDataConnectorDataTypes { - indicators: TIDataConnectorDataTypesIndicators; -} +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; + alertRuleTemplateName?: string; + description?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; +}; // @public -export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + displayNamesExcludeFilter?: string[]; + displayNamesFilter?: string[]; + productFilter: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +} // @public -export type TIDataConnectorProperties = DataConnectorTenantId & { - tipLookbackPeriod?: Date; - dataTypes: TIDataConnectorDataTypes; +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { + alertRuleTemplateName?: string; + description?: string; + displayName: string; + enabled: boolean; + readonly lastModifiedUtc?: Date; }; // @public -export interface TimelineAggregation { - count: number; - kind: EntityTimelineKind; -} - -// @public -export interface TimelineError { - errorMessage: string; - kind: EntityTimelineKind; - queryId?: string; -} +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +}; // @public -export interface TimelineResultsMetadata { - aggregations: TimelineAggregation[]; - errors?: TimelineError[]; - totalCount: number; -} +export type MicrosoftSecurityProductName = string; // @public -export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { - kind: "ThreatIntelligenceTaxii"; +export type OfficeConsent = Resource & { tenantId?: string; + readonly tenantName?: string; }; // @public -export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {}; +export interface OfficeConsentList { + readonly nextLink?: string; + value: OfficeConsent[]; +} // @public -export type TiTaxiiDataConnector = DataConnector & { +export type OfficeDataConnector = DataConnector & { tenantId?: string; - workspaceId?: string; - friendlyName?: string; - taxiiServer?: string; - collectionId?: string; - userName?: string; - password?: string; - taxiiLookbackPeriod?: Date; - pollingFrequency?: PollingFrequency; - dataTypes?: TiTaxiiDataConnectorDataTypes; + dataTypes?: OfficeDataConnectorDataTypes; }; // @public -export interface TiTaxiiDataConnectorDataTypes { - taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; +export interface OfficeDataConnectorDataTypes { + exchange?: OfficeDataConnectorDataTypesExchange; + sharePoint?: OfficeDataConnectorDataTypesSharePoint; + teams?: OfficeDataConnectorDataTypesTeams; } // @public -export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {}; +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; // @public -export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & { - workspaceId?: string; - friendlyName?: string; - taxiiServer?: string; - collectionId?: string; - userName?: string; - password?: string; - taxiiLookbackPeriod?: Date; - pollingFrequency: PollingFrequency | null; - dataTypes: TiTaxiiDataConnectorDataTypes; -}; +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; // @public -export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; // @public -export type TriggersOn = string; +export interface Operation { + display?: OperationDisplay; + name?: string; + origin?: string; +} // @public -export type TriggersWhen = string; +export interface OperationDisplay { + description?: string; + operation?: string; + provider?: string; + resource?: string; +} // @public -export type Ueba = Settings & { - dataSources?: UebaDataSources[]; -}; +export interface Operations { + list(options?: OperationsListOptionalParams): PagedAsyncIterableIterator; +} // @public -export type UebaDataSources = string; +export interface OperationsList { + nextLink?: string; + value: Operation[]; +} // @public -export type UrlEntity = Entity & { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly url?: string; -}; +export interface OperationsListNextOptionalParams extends coreClient.OperationOptions { +} // @public -export type UrlEntityProperties = EntityCommonProperties & { - readonly url?: string; -}; +export type OperationsListNextResponse = OperationsList; // @public -export interface UserInfo { - readonly email?: string; - readonly name?: string; - objectId?: string; +export interface OperationsListOptionalParams extends coreClient.OperationOptions { } // @public -export type Watchlist = ResourceWithEtag & { - watchlistId?: string; - displayName?: string; - provider?: string; - source?: Source; - created?: Date; - updated?: Date; - createdBy?: UserInfo; - updatedBy?: UserInfo; - description?: string; - watchlistType?: string; - watchlistAlias?: string; - isDeleted?: boolean; - labels?: string[]; - defaultDuration?: string; - tenantId?: string; - numberOfLinesToSkip?: number; - rawContent?: string; - itemsSearchKey?: string; - contentType?: string; - uploadStatus?: string; - watchlistItemsCount?: number; -}; +export type OperationsListResponse = OperationsList; // @public -export type WatchlistItem = ResourceWithEtag & { - watchlistItemType?: string; - watchlistItemId?: string; - tenantId?: string; - isDeleted?: boolean; - created?: Date; - updated?: Date; - createdBy?: UserInfo; - updatedBy?: UserInfo; - itemsKeyValue?: Record; - entityMapping?: Record; -}; +export interface Resource { + readonly id?: string; + readonly name?: string; + readonly type?: string; +} // @public -export interface WatchlistItemList { - readonly nextLink?: string; - value: WatchlistItem[]; +export interface ResourceWithEtag { + etag?: string; + readonly id?: string; + readonly name?: string; + readonly type?: string; } // @public -export interface WatchlistItems { - createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: WatchlistItem, options?: WatchlistItemsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: WatchlistItemsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: WatchlistItemsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistItemsListOptionalParams): PagedAsyncIterableIterator; -} +export type ScheduledAlertRule = AlertRule & { + query?: string; + queryFrequency?: string; + queryPeriod?: string; + severity?: AlertSeverity; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; + alertRuleTemplateName?: string; + description?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + suppressionDuration?: string; + suppressionEnabled?: boolean; + tactics?: AttackTactic[]; +}; // @public -export interface WatchlistItemsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +export interface ScheduledAlertRuleCommonProperties { + query?: string; + queryFrequency?: string; + queryPeriod?: string; + severity?: AlertSeverity; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; } // @public -export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { + alertRuleTemplateName?: string; + description?: string; + displayName: string; + enabled: boolean; + readonly lastModifiedUtc?: Date; + suppressionDuration: string; + suppressionEnabled: boolean; + tactics?: AttackTactic[]; +}; // @public -export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions { -} +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + query?: string; + queryFrequency?: string; + queryPeriod?: string; + severity?: AlertSeverity; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; + tactics?: AttackTactic[]; +}; -// @public -export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions { +// @public (undocumented) +export class SecurityInsights extends coreClient.ServiceClient { + // (undocumented) + $host: string; + constructor(credentials: coreAuth.TokenCredential, subscriptionId: string, options?: SecurityInsightsOptionalParams); + // (undocumented) + actions: Actions; + // (undocumented) + alertRules: AlertRules; + // (undocumented) + alertRuleTemplates: AlertRuleTemplates; + // (undocumented) + apiVersion: string; + // (undocumented) + bookmarks: Bookmarks; + // (undocumented) + dataConnectors: DataConnectors; + // (undocumented) + incidentComments: IncidentComments; + // (undocumented) + incidents: Incidents; + // (undocumented) + operations: Operations; + // (undocumented) + subscriptionId: string; } // @public -export type WatchlistItemsGetResponse = WatchlistItem; - -// @public -export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions { +export interface SecurityInsightsOptionalParams extends coreClient.ServiceClientOptions { + $host?: string; + apiVersion?: string; + endpoint?: string; } // @public -export type WatchlistItemsListNextResponse = WatchlistItemList; +export type SettingKind = string; // @public -export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions { -} +export type Settings = ResourceWithEtag & { + kind: SettingKind; +}; -// @public -export type WatchlistItemsListResponse = WatchlistItemList; +// @public (undocumented) +export type SettingsUnion = Settings | ToggleSettings | UebaSettings; // @public -export interface WatchlistList { - readonly nextLink?: string; - value: Watchlist[]; -} +export type StatusInMcas = string; // @public -export interface Watchlists { - createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlist: Watchlist, options?: WatchlistsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: WatchlistsListOptionalParams): PagedAsyncIterableIterator; -} +export type TemplateStatus = string; // @public -export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +export interface ThreatIntelligence { + readonly confidence?: number; + readonly providerName?: string; + readonly reportLink?: string; + readonly threatDescription?: string; + readonly threatName?: string; + readonly threatType?: string; } // @public -export type WatchlistsCreateOrUpdateResponse = Watchlist; +export type TIDataConnector = DataConnector & { + tenantId?: string; + tipLookbackPeriod?: Date; + dataTypes?: TIDataConnectorDataTypes; +}; // @public -export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions { +export interface TIDataConnectorDataTypes { + indicators?: TIDataConnectorDataTypesIndicators; } // @public -export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions { -} +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; // @public -export type WatchlistsGetResponse = Watchlist; +export type ToggleSettings = Settings & { + isEnabled?: boolean; +}; // @public -export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions { -} +export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; // @public -export type WatchlistsListNextResponse = WatchlistList; +export type UebaSettings = Settings & { + readonly atpLicenseStatus?: LicenseStatus; + isEnabled?: boolean; + readonly statusInMcas?: StatusInMcas; +}; // @public -export interface WatchlistsListOptionalParams extends coreClient.OperationOptions { +export interface UserInfo { + readonly email?: string; + readonly name?: string; + objectId: string | null; } -// @public -export type WatchlistsListResponse = WatchlistList; - // (No @packageDocumentation comment for this package) ``` diff --git a/sdk/securityinsight/arm-securityinsight/sample.env b/sdk/securityinsight/arm-securityinsight/sample.env deleted file mode 100644 index 672847a3fea0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/sample.env +++ /dev/null @@ -1,4 +0,0 @@ -# App registration secret for AAD authentication -AZURE_CLIENT_SECRET= -AZURE_CLIENT_ID= -AZURE_TENANT_ID= \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/appendTagsToAThreatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/appendTagsToAThreatIntelligenceIndicator.ts deleted file mode 100644 index 2c78bcb43f11..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/appendTagsToAThreatIntelligenceIndicator.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Append tags to a threat intelligence indicator. - * - * @summary Append tags to a threat intelligence indicator. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json - */ -import { - ThreatIntelligenceAppendTags, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function appendTagsToAThreatIntelligenceIndicator() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"; - const threatIntelligenceAppendTags: ThreatIntelligenceAppendTags = { - threatIntelligenceTags: ["tag1", "tag2"] - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.appendTags( - resourceGroupName, - workspaceName, - name, - threatIntelligenceAppendTags - ); - console.log(result); -} - -appendTagsToAThreatIntelligenceIndicator().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAad.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAad.ts deleted file mode 100644 index 9ba4a9a5b6a4..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAad.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json - */ -import { - AADCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForAad() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: AADCheckRequirements = { - kind: "AzureActiveDirectory", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForAad().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoAuthorization.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoAuthorization.ts deleted file mode 100644 index 12939965dc51..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoAuthorization.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json - */ -import { - AADCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForAadNoAuthorization() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: AADCheckRequirements = { - kind: "AzureActiveDirectory", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForAadNoAuthorization().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoLicense.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoLicense.ts deleted file mode 100644 index 5377418a066d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAadNoLicense.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json - */ -import { - AADCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForAadNoLicense() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: AADCheckRequirements = { - kind: "AzureActiveDirectory", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForAadNoLicense().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAsc.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAsc.ts deleted file mode 100644 index dad20f08a7cf..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForAsc.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json - */ -import { - ASCCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForAsc() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: ASCCheckRequirements = { - kind: "AzureSecurityCenter", - subscriptionId: "c0688291-89d7-4bed-87a2-a7b1bff43f4c" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForAsc().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForDynamics365.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForDynamics365.ts deleted file mode 100644 index 4a40c2d2454b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForDynamics365.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json - */ -import { - Dynamics365CheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForDynamics365() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: Dynamics365CheckRequirements = { - kind: "Dynamics365", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForDynamics365().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMcas.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMcas.ts deleted file mode 100644 index 72115065bd0a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMcas.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json - */ -import { - McasCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForMcas() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: McasCheckRequirements = { - kind: "MicrosoftCloudAppSecurity", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForMcas().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMdatp.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMdatp.ts deleted file mode 100644 index 518fb624297c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMdatp.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json - */ -import { - McasCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForMdatp() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: McasCheckRequirements = { - kind: "MicrosoftCloudAppSecurity", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForMdatp().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatIntelligence.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatIntelligence.ts deleted file mode 100644 index b7ee470b9bc9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatIntelligence.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json - */ -import { - MstiCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForMicrosoftThreatIntelligence() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: MstiCheckRequirements = { - kind: "MicrosoftThreatIntelligence", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForMicrosoftThreatIntelligence().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatProtection.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatProtection.ts deleted file mode 100644 index f48dce332ad7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForMicrosoftThreatProtection.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json - */ -import { - MtpCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForMicrosoftThreatProtection() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: MtpCheckRequirements = { - kind: "MicrosoftThreatProtection", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForMicrosoftThreatProtection().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeAtp.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeAtp.ts deleted file mode 100644 index 79e5007f2608..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeAtp.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json - */ -import { - OfficeATPCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForOfficeAtp() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: OfficeATPCheckRequirements = { - kind: "OfficeATP", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForOfficeAtp().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeIrm.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeIrm.ts deleted file mode 100644 index 3e7231a6be43..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForOfficeIrm.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json - */ -import { - OfficeIRMCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForOfficeIrm() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: OfficeIRMCheckRequirements = { - kind: "OfficeIRM", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForOfficeIrm().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTi.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTi.ts deleted file mode 100644 index b914f9bb4260..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTi.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json - */ -import { - TICheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForTi() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: TICheckRequirements = { - kind: "ThreatIntelligence", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForTi().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTiTaxii.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTiTaxii.ts deleted file mode 100644 index f0083b03a524..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/checkRequirementsForTiTaxii.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get requirements state for a data connector type. - * - * @summary Get requirements state for a data connector type. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json - */ -import { - TiTaxiiCheckRequirements, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function checkRequirementsForTiTaxii() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorsCheckRequirements: TiTaxiiCheckRequirements = { - kind: "ThreatIntelligenceTaxii", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectorsCheckRequirementsOperations.post( - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements - ); - console.log(result); -} - -checkRequirementsForTiTaxii().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/connectAnApiPollingDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/connectAnApiPollingDataConnector.ts deleted file mode 100644 index ac4355385373..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/connectAnApiPollingDataConnector.ts +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Connects a data connector. - * - * @summary Connects a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json - */ -import { - DataConnectorConnectBody, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function connectAnApiPollingDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const connectBody: DataConnectorConnectBody = { - apiKey: "123456789", - kind: "APIKey", - requestConfigUserInputValues: [ - { - displayText: "Organization Name", - placeHolderName: "{{placeHolder1}}", - placeHolderValue: "somePlaceHolderValue", - requestObjectKey: "apiEndpoint" - } - ] - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.connect( - resourceGroupName, - workspaceName, - dataConnectorId, - connectBody - ); - console.log(result); -} - -connectAnApiPollingDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createANewThreatIntelligence.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createANewThreatIntelligence.ts deleted file mode 100644 index b3f4ccd57bcd..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createANewThreatIntelligence.ts +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Create a new threat intelligence indicator. - * - * @summary Create a new threat intelligence indicator. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json - */ -import { - ThreatIntelligenceIndicatorModelForRequestBody, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createANewThreatIntelligence() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody = { - description: "debugging indicators", - confidence: 78, - createdByRef: "contoso@contoso.com", - displayName: "new schema", - externalReferences: [], - granularMarkings: [], - killChainPhases: [], - kind: "indicator", - labels: [], - modified: "", - pattern: "[url:value = 'https://www.contoso.com']", - patternType: "url", - revoked: false, - source: "Azure Sentinel", - threatIntelligenceTags: ["new schema"], - threatTypes: ["compromised"], - validFrom: "2021-09-15T17:44:00.114052Z", - validUntil: "" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.createIndicator( - resourceGroupName, - workspaceName, - threatIntelligenceProperties - ); - console.log(result); -} - -createANewThreatIntelligence().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateFullMetadata.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateFullMetadata.ts deleted file mode 100644 index eba217cff89a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateFullMetadata.ts +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Create a Metadata. - * - * @summary Create a Metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PutMetadata.json - */ -import { MetadataModel, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createOrUpdateFullMetadata() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const metadataName = "metadataName"; - const metadata: MetadataModel = { - author: { name: "User Name", email: "email@microsoft.com" }, - categories: { - domains: ["Application", "Security – Insider Threat"], - verticals: ["Healthcare"] - }, - contentId: "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - dependencies: { - criteria: [ - { - criteria: [ - { - name: "Microsoft Defender for Endpoint", - contentId: "045d06d0-ee72-4794-aba4-cf5646e4c756", - kind: "DataConnector" - }, - { - contentId: "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", - kind: "DataConnector" - }, - { - contentId: "de4dca9b-eb37-47d6-a56f-b8b06b261593", - kind: "DataConnector", - version: "2.0" - } - ], - operator: "OR" - }, - { - contentId: "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", - kind: "Playbook", - version: "1.0" - }, - { contentId: "21ba424a-9438-4444-953a-7059539a7a1b", kind: "Parser" } - ], - operator: "AND" - }, - firstPublishDate: new Date("2021-05-18"), - kind: "AnalyticsRule", - lastPublishDate: new Date("2021-05-18"), - parentId: - "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - providers: ["Amazon", "Microsoft"], - source: { - name: "Contoso Solution 1.0", - kind: "Solution", - sourceId: "b688a130-76f4-4a07-bf57-762222a3cadf" - }, - support: { - name: "Microsoft", - email: "support@microsoft.com", - link: "https://support.microsoft.com/", - tier: "Partner" - }, - version: "1.0.0.0" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.metadata.create( - resourceGroupName, - workspaceName, - metadataName, - metadata - ); - console.log(result); -} - -createOrUpdateFullMetadata().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateMinimalMetadata.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateMinimalMetadata.ts deleted file mode 100644 index efa1f054c69e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createOrUpdateMinimalMetadata.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Create a Metadata. - * - * @summary Create a Metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PutMetadataMinimal.json - */ -import { MetadataModel, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createOrUpdateMinimalMetadata() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const metadataName = "metadataName"; - const metadata: MetadataModel = { - contentId: "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - kind: "AnalyticsRule", - parentId: - "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.metadata.create( - resourceGroupName, - workspaceName, - metadataName, - metadata - ); - console.log(result); -} - -createOrUpdateMinimalMetadata().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createSentinelOnboardingState.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createSentinelOnboardingState.ts deleted file mode 100644 index 648c490a3bda..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createSentinelOnboardingState.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Create Sentinel onboarding state - * - * @summary Create Sentinel onboarding state - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json - */ -import { - SentinelOnboardingState, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createSentinelOnboardingState() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sentinelOnboardingStateName = "default"; - const sentinelOnboardingStateParameter: SentinelOnboardingState = { - customerManagedKey: false - }; - const options = { - sentinelOnboardingStateParameter: sentinelOnboardingStateParameter - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sentinelOnboardingStates.create( - resourceGroupName, - workspaceName, - sentinelOnboardingStateName, - options - ); - console.log(result); -} - -createSentinelOnboardingState().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsASourceControl.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsASourceControl.ts deleted file mode 100644 index 9019501b7149..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsASourceControl.ts +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates a source control. - * - * @summary Creates a source control. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/CreateSourceControl.json - */ -import { SourceControl, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsASourceControl() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sourceControlId = "789e0c1f-4a3d-43ad-809c-e713b677b04a"; - const sourceControl: SourceControl = { - description: "This is a source control", - contentTypes: ["AnalyticRules", "Workbook"], - displayName: "My Source Control", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - repoType: "Github", - repository: { - branch: "master", - displayUrl: "https://github.com/user/repo", - pathMapping: [ - { path: "path/to/rules", contentType: "AnalyticRules" }, - { path: "path/to/workbooks", contentType: "Workbook" } - ], - url: "https://github.com/user/repo" - } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sourceControls.create( - resourceGroupName, - workspaceName, - sourceControlId, - sourceControl - ); - console.log(result); -} - -createsASourceControl().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsIncidentTeamsGroup.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsIncidentTeamsGroup.ts deleted file mode 100644 index 6d6b316b017f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsIncidentTeamsGroup.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates a Microsoft team to investigate the incident by sharing information and insights between participants. - * - * @summary Creates a Microsoft team to investigate the incident by sharing information and insights between participants. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateTeam.json - */ -import { TeamProperties, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsIncidentTeamsGroup() { - const subscriptionId = "9023f5b5-df22-4313-8fbf-b4b75af8a6d9"; - const resourceGroupName = "ambawolvese5resourcegroup"; - const workspaceName = "AmbaE5WestCentralUS"; - const incidentId = "69a30280-6a4c-4aa7-9af0-5d63f335d600"; - const teamProperties: TeamProperties = { - teamDescription: "Team description", - teamName: "Team name" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.createTeam( - resourceGroupName, - workspaceName, - incidentId, - teamProperties - ); - console.log(result); -} - -createsIncidentTeamsGroup().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAApiPollingDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAApiPollingDataConnector.ts deleted file mode 100644 index 56dcac374830..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAApiPollingDataConnector.ts +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateAPIPolling.json - */ -import { - CodelessApiPollingDataConnector, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAApiPollingDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const dataConnector: CodelessApiPollingDataConnector = { - connectorUiConfig: { - availability: { isPreview: true, status: 1 }, - connectivityCriteria: [{ type: "SentinelKindsV2", value: [] }], - dataTypes: [ - { - name: "{{graphQueriesTableName}}", - lastDataReceivedQuery: - "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - descriptionMarkdown: - "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", - graphQueries: [ - { - baseQuery: "{{graphQueriesTableName}}", - legend: "GitHub audit log events", - metricName: "Total events received" - } - ], - graphQueriesTableName: "GitHubAuditLogPolling_CL", - instructionSteps: [ - { - description: - "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", - instructions: [ - { - type: "APIKey", - parameters: { - enable: "true", - userRequestPlaceHoldersInput: [ - { - displayText: "Organization Name", - placeHolderName: "{{placeHolder1}}", - placeHolderValue: "", - requestObjectKey: "apiEndpoint" - } - ] - } - } - ], - title: "Connect GitHub Enterprise Audit Log to Azure Sentinel" - } - ], - permissions: { - customs: [ - { - name: "GitHub API personal token Key", - description: - "You need access to GitHub personal token, the key should have 'admin:org' scope" - } - ], - resourceProvider: [ - { - permissionsDisplayText: "read and write permissions are required.", - provider: "Microsoft.OperationalInsights/workspaces", - providerDisplayName: "Workspace", - requiredPermissions: { delete: true, read: true, write: true }, - scope: "Workspace" - } - ] - }, - publisher: "GitHub", - sampleQueries: [ - { - description: "All logs", - query: "{{graphQueriesTableName}}\n | take 10 " - } - ], - title: "GitHub Enterprise Audit Log" - }, - kind: "APIPolling", - pollingConfig: { - auth: { - apiKeyIdentifier: "token", - apiKeyName: "Authorization", - authType: "APIKey" - }, - paging: { pageSizeParaName: "per_page", pagingType: "LinkHeader" }, - response: { eventsJsonPaths: ["$"] }, - request: { - apiEndpoint: - "https://api.github.com/organizations/{{placeHolder1}}/audit-log", - headers: { Accept: "application/json", "User-Agent": "Scuba" }, - httpMethod: "Get", - queryParameters: { - phrase: "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" - }, - queryTimeFormat: "yyyy-MM-ddTHH:mm:ssZ", - queryWindowInMin: 15, - rateLimitQps: 50, - retryCount: 2, - timeoutInSeconds: 60 - } - } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesAApiPollingDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmark.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmark.ts deleted file mode 100644 index 644a882e8772..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmark.ts +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the bookmark. - * - * @summary Creates or updates the bookmark. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/CreateBookmark.json - */ -import { Bookmark, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesABookmark() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const bookmark: Bookmark = { - created: new Date("2021-09-01T13:15:30Z"), - createdBy: { objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70" }, - displayName: "My bookmark", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - labels: ["Tag1", "Tag2"], - notes: "Found a suspicious activity", - query: - "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - queryResult: "Security Event query result", - updated: new Date("2021-09-01T13:15:30Z"), - updatedBy: { objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70" } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarks.createOrUpdate( - resourceGroupName, - workspaceName, - bookmarkId, - bookmark - ); - console.log(result); -} - -createsOrUpdatesABookmark().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmarkRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmarkRelation.ts deleted file mode 100644 index efe7550ea9d3..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesABookmarkRelation.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates the bookmark relation. - * - * @summary Creates the bookmark relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json - */ -import { Relation, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesABookmarkRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "2216d0e1-91e3-4902-89fd-d2df8c535096"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const relation: Relation = { - relatedResourceId: - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarkRelations.createOrUpdate( - resourceGroupName, - workspaceName, - bookmarkId, - relationName, - relation - ); - console.log(result); -} - -createsOrUpdatesABookmarkRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesADynamics365DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesADynamics365DataConnector.ts deleted file mode 100644 index 2cee47940896..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesADynamics365DataConnector.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json - */ -import { - Dynamics365DataConnector, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesADynamics365DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c2541efb-c9a6-47fe-9501-87d1017d1512"; - const dataConnector: Dynamics365DataConnector = { - dataTypes: { dynamics365CdsActivities: { state: "Enabled" } }, - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - kind: "Dynamics365", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesADynamics365DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAFusionAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAFusionAlertRule.ts deleted file mode 100644 index 717de53c8655..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAFusionAlertRule.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the alert rule. - * - * @summary Creates or updates the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateFusionAlertRule.json - */ -import { FusionAlertRule, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAFusionAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "myFirstFusionRule"; - const alertRule: FusionAlertRule = { - alertRuleTemplateName: "f71aba3d-28fb-450b-b192-4e76a83015c8", - enabled: true, - etag: "3d00c3ca-0000-0100-0000-5d42d5010000", - kind: "Fusion" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.createOrUpdate( - resourceGroupName, - workspaceName, - ruleId, - alertRule - ); - console.log(result); -} - -createsOrUpdatesAFusionAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAGenericUiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAGenericUiDataConnector.ts deleted file mode 100644 index 242eb36f3fc0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAGenericUiDataConnector.ts +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateGenericUI.json - */ -import { - CodelessUiDataConnector, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAGenericUiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const dataConnector: CodelessUiDataConnector = { - connectorUiConfig: { - availability: { isPreview: true, status: 1 }, - connectivityCriteria: [ - { - type: "IsConnectedQuery", - value: [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - dataTypes: [ - { - name: "{{graphQueriesTableName}}", - lastDataReceivedQuery: - "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - descriptionMarkdown: - "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - graphQueries: [ - { - baseQuery: "{{graphQueriesTableName}}", - legend: "{{graphQueriesTableName}}", - metricName: "Total data received" - } - ], - graphQueriesTableName: "QualysHostDetection_CL", - instructionSteps: [ - { - description: - ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", - title: "" - }, - { - description: - ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", - title: "" - }, - { - description: - "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", - title: "" - }, - { - description: - "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - instructions: [ - { - type: "CopyableLabel", - parameters: { fillWith: ["WorkspaceId"], label: "Workspace ID" } - }, - { - type: "CopyableLabel", - parameters: { fillWith: ["PrimaryKey"], label: "Primary Key" } - } - ], - title: "" - }, - { - description: - 'Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n [![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an "&" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.', - title: "Option 1 - Azure Resource Manager (ARM) Template" - }, - { - description: - "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", - title: "Option 2 - Manual Deployment of Azure Functions" - }, - { - description: - "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", - title: "" - }, - { - description: - "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", - title: "" - }, - { - description: - '**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an "&" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.', - title: "" - }, - { - description: - '**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `"functionTimeout": "00:10:00",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)', - title: "" - } - ], - permissions: { - customs: [ - { - name: "Microsoft.Web/sites permissions", - description: - "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - name: "Qualys API Key", - description: - "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ], - resourceProvider: [ - { - permissionsDisplayText: - "read and write permissions on the workspace are required.", - provider: "Microsoft.OperationalInsights/workspaces", - providerDisplayName: "Workspace", - requiredPermissions: { delete: true, read: true, write: true }, - scope: "Workspace" - }, - { - permissionsDisplayText: - "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - provider: "Microsoft.OperationalInsights/workspaces/sharedKeys", - providerDisplayName: "Keys", - requiredPermissions: { action: true }, - scope: "Workspace" - } - ] - }, - publisher: "Qualys", - sampleQueries: [ - { - description: "Top 10 Vulerabilities detected", - query: - "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - title: "Qualys Vulnerability Management (CCP DEMO)" - }, - kind: "GenericUI" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesAGenericUiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAMicrosoftSecurityIncidentCreationRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAMicrosoftSecurityIncidentCreationRule.ts deleted file mode 100644 index acb0f608c12b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAMicrosoftSecurityIncidentCreationRule.ts +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the alert rule. - * - * @summary Creates or updates the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json - */ -import { - MicrosoftSecurityIncidentCreationAlertRule, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAMicrosoftSecurityIncidentCreationRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "microsoftSecurityIncidentCreationRuleExample"; - const alertRule: MicrosoftSecurityIncidentCreationAlertRule = { - displayName: "testing displayname", - enabled: true, - etag: '"260097e0-0000-0d00-0000-5d6fa88f0000"', - kind: "MicrosoftSecurityIncidentCreation", - productFilter: "Microsoft Cloud App Security" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.createOrUpdate( - resourceGroupName, - workspaceName, - ruleId, - alertRule - ); - console.log(result); -} - -createsOrUpdatesAMicrosoftSecurityIncidentCreationRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesANrtAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesANrtAlertRule.ts deleted file mode 100644 index f5abe41d2354..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesANrtAlertRule.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the alert rule. - * - * @summary Creates or updates the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateNrtAlertRule.json - */ -import { NrtAlertRule, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesANrtAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const alertRule: NrtAlertRule = { - description: "", - displayName: "Rule2", - enabled: true, - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - incidentConfiguration: { - createIncident: true, - groupingConfiguration: { - enabled: true, - groupByEntities: ["Host", "Account"], - lookbackDuration: "PT5H", - matchingMethod: "Selected", - reopenClosedIncident: false - } - }, - kind: "NRT", - query: - "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - severity: "High", - suppressionDuration: "PT1H", - suppressionEnabled: false, - tactics: ["Persistence", "LateralMovement"] - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.createOrUpdate( - resourceGroupName, - workspaceName, - ruleId, - alertRule - ); - console.log(result); -} - -createsOrUpdatesANrtAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAScheduledAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAScheduledAlertRule.ts deleted file mode 100644 index 7944dfca8e72..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAScheduledAlertRule.ts +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the alert rule. - * - * @summary Creates or updates the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json - */ -import { - ScheduledAlertRule, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAScheduledAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const alertRule: ScheduledAlertRule = { - description: "An example for a scheduled rule", - alertDetailsOverride: { - alertDescriptionFormat: "Suspicious activity was made by {{ComputerIP}}", - alertDisplayNameFormat: "Alert from {{Computer}}" - }, - customDetails: { - operatingSystemName: "OSName", - operatingSystemType: "OSType" - }, - displayName: "My scheduled rule", - enabled: true, - entityMappings: [ - { - entityType: "Host", - fieldMappings: [{ columnName: "Computer", identifier: "FullName" }] - }, - { - entityType: "IP", - fieldMappings: [{ columnName: "ComputerIP", identifier: "Address" }] - } - ], - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - eventGroupingSettings: { aggregationKind: "AlertPerResult" }, - incidentConfiguration: { - createIncident: true, - groupingConfiguration: { - enabled: true, - groupByAlertDetails: ["DisplayName"], - groupByCustomDetails: ["OperatingSystemType", "OperatingSystemName"], - groupByEntities: ["Host"], - lookbackDuration: "PT5H", - matchingMethod: "Selected", - reopenClosedIncident: false - } - }, - kind: "Scheduled", - query: "Heartbeat", - queryFrequency: "PT1H", - queryPeriod: "P2DT1H30M", - severity: "High", - suppressionDuration: "PT1H", - suppressionEnabled: false, - tactics: ["Persistence", "LateralMovement"], - triggerOperator: "GreaterThan", - triggerThreshold: 0 - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.createOrUpdate( - resourceGroupName, - workspaceName, - ruleId, - alertRule - ); - console.log(result); -} - -createsOrUpdatesAScheduledAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAThreatIntelligenceTaxiiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAThreatIntelligenceTaxiiDataConnector.ts deleted file mode 100644 index b90e4357667b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAThreatIntelligenceTaxiiDataConnector.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json - */ -import { - TiTaxiiDataConnector, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAThreatIntelligenceTaxiiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const dataConnector: TiTaxiiDataConnector = { - collectionId: "135", - dataTypes: { taxiiClient: { state: "Enabled" } }, - etag: "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - friendlyName: "testTaxii", - kind: "ThreatIntelligenceTaxii", - password: "--", - pollingFrequency: "OnceADay", - taxiiLookbackPeriod: new Date("2020-01-01T13:00:30.123Z"), - taxiiServer: "https://limo.anomali.com/api/v1/taxii2/feeds", - tenantId: "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - userName: "--", - workspaceId: "dd124572-4962-4495-9bd2-9dade12314b4" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesAThreatIntelligenceTaxiiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlist.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlist.ts deleted file mode 100644 index 8b9b564ab925..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlist.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. - * - * @summary Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlist.json - */ -import { Watchlist, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAWatchlist() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const watchlist: Watchlist = { - description: "Watchlist from CSV content", - displayName: "High Value Assets Watchlist", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - itemsSearchKey: "header1", - provider: "Microsoft", - source: "Local file" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlists.createOrUpdate( - resourceGroupName, - workspaceName, - watchlistAlias, - watchlist - ); - console.log(result); -} - -createsOrUpdatesAWatchlist().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems.ts deleted file mode 100644 index e8822f496ef2..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems.ts +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. - * - * @summary Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json - */ -import { Watchlist, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const watchlist: Watchlist = { - description: "Watchlist from CSV content", - contentType: "text/csv", - displayName: "High Value Assets Watchlist", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - itemsSearchKey: "header1", - numberOfLinesToSkip: 1, - provider: "Microsoft", - rawContent: "This line will be skipped\nheader1,header2\nvalue1,value2", - source: "Local file" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlists.createOrUpdate( - resourceGroupName, - workspaceName, - watchlistAlias, - watchlist - ); - console.log(result); -} - -createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistItem.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistItem.ts deleted file mode 100644 index 324c8e20ee5e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAWatchlistItem.ts +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates a watchlist item. - * - * @summary Creates or updates a watchlist item. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistItem.json - */ -import { WatchlistItem, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAWatchlistItem() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const watchlistItemId = "82ba292c-dc97-4dfc-969d-d4dd9e666842"; - const watchlistItem: WatchlistItem = { - etag: "0300bf09-0000-0000-0000-5c37296e0000", - itemsKeyValue: { - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Gateway subnet": "10.0.255.224/27", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27", - "Web Tier": "10.0.1.0/24" - } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlistItems.createOrUpdate( - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId, - watchlistItem - ); - console.log(result); -} - -createsOrUpdatesAWatchlistItem().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActionOfAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActionOfAlertRule.ts deleted file mode 100644 index a3772f08b1e7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActionOfAlertRule.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the action of alert rule. - * - * @summary Creates or updates the action of alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/CreateActionOfAlertRule.json - */ -import { ActionRequest, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnActionOfAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const actionId = "912bec42-cb66-4c03-ac63-1761b6898c3e"; - const action: ActionRequest = { - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - logicAppResourceId: - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", - triggerUri: - "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.actions.createOrUpdate( - resourceGroupName, - workspaceName, - ruleId, - actionId, - action - ); - console.log(result); -} - -createsOrUpdatesAnActionOfAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActivityEntityQuery.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActivityEntityQuery.ts deleted file mode 100644 index ebb04b068400..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnActivityEntityQuery.ts +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the entity query. - * - * @summary Creates or updates the entity query. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json - */ -import { - ActivityCustomEntityQuery, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnActivityEntityQuery() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityQueryId = "07da3cc8-c8ad-4710-a44e-334cdcb7882b"; - const entityQuery: ActivityCustomEntityQuery = { - description: "Account deleted on host", - content: - "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - enabled: true, - entitiesFilter: { hostOsFamily: ["Windows"] }, - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - inputEntityType: "Host", - kind: "Activity", - queryDefinitions: { - query: - "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\', tostring(split(Computer, '\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\', tostring(split(Computer, '\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\', tostring(split(Computer, '\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - requiredInputFieldsSets: [ - ["Host_HostName", "Host_NTDomain"], - ["Host_HostName", "Host_DnsDomain"], - ["Host_AzureID"], - ["Host_OMSAgentID"] - ], - templateName: undefined, - title: "An account was deleted on this host" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityQueries.createOrUpdate( - resourceGroupName, - workspaceName, - entityQueryId, - entityQuery - ); - console.log(result); -} - -createsOrUpdatesAnActivityEntityQuery().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnAutomationRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnAutomationRule.ts deleted file mode 100644 index 126daa10af28..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnAutomationRule.ts +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the automation rule. - * - * @summary Creates or updates the automation rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/CreateAutomationRule.json - */ -import { AutomationRule, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnAutomationRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const automationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const automationRule: AutomationRule = { - actions: [ - { - actionConfiguration: { severity: "High" }, - actionType: "ModifyProperties", - order: 1 - }, - { - actionConfiguration: { - logicAppResourceId: - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook", - tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc" - }, - actionType: "RunPlaybook", - order: 2 - } - ], - displayName: "High severity incidents escalation", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - order: 1, - triggeringLogic: { - conditions: [ - { - conditionProperties: { - operator: "Contains", - propertyName: "IncidentRelatedAnalyticRuleIds", - propertyValues: [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - }, - conditionType: "Property" - } - ], - isEnabled: true, - triggersOn: "Incidents", - triggersWhen: "Created" - } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.automationRules.createOrUpdate( - resourceGroupName, - workspaceName, - automationRuleId, - automationRule - ); - console.log(result); -} - -createsOrUpdatesAnAutomationRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncident.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncident.ts deleted file mode 100644 index 323c285a287e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncident.ts +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the incident. - * - * @summary Creates or updates the incident. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateIncident.json - */ -import { Incident, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnIncident() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const incident: Incident = { - description: "This is a demo incident", - classification: "FalsePositive", - classificationComment: "Not a malicious activity", - classificationReason: "IncorrectAlertLogic", - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - firstActivityTimeUtc: new Date("2019-01-01T13:00:30Z"), - lastActivityTimeUtc: new Date("2019-01-01T13:05:30Z"), - owner: { objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70" }, - severity: "High", - status: "Closed", - title: "My incident" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.createOrUpdate( - resourceGroupName, - workspaceName, - incidentId, - incident - ); - console.log(result); -} - -createsOrUpdatesAnIncident().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentComment.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentComment.ts deleted file mode 100644 index 55d671c4631f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentComment.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the incident comment. - * - * @summary Creates or updates the incident comment. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/CreateIncidentComment.json - */ -import { IncidentComment, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnIncidentComment() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const incidentCommentId = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const incidentComment: IncidentComment = { message: "Some message" }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentComments.createOrUpdate( - resourceGroupName, - workspaceName, - incidentId, - incidentCommentId, - incidentComment - ); - console.log(result); -} - -createsOrUpdatesAnIncidentComment().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentRelation.ts deleted file mode 100644 index 016a8546f067..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnIncidentRelation.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the incident relation. - * - * @summary Creates or updates the incident relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json - */ -import { Relation, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnIncidentRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const relation: Relation = { - relatedResourceId: - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentRelations.createOrUpdate( - resourceGroupName, - workspaceName, - incidentId, - relationName, - relation - ); - console.log(result); -} - -createsOrUpdatesAnIncidentRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnOffice365DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnOffice365DataConnector.ts deleted file mode 100644 index 2455611d924c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnOffice365DataConnector.ts +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json - */ -import { - OfficeDataConnector, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnOffice365DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const dataConnector: OfficeDataConnector = { - dataTypes: { - exchange: { state: "Enabled" }, - sharePoint: { state: "Enabled" }, - teams: { state: "Enabled" } - }, - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - kind: "Office365", - tenantId: "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesAnOffice365DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnThreatIntelligencePlatformDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnThreatIntelligencePlatformDataConnector.ts deleted file mode 100644 index 7425f3b88d5c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/createsOrUpdatesAnThreatIntelligencePlatformDataConnector.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Creates or updates the data connector. - * - * @summary Creates or updates the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json - */ -import { TIDataConnector, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function createsOrUpdatesAnThreatIntelligencePlatformDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const dataConnector: TIDataConnector = { - dataTypes: { indicators: { state: "Enabled" } }, - kind: "ThreatIntelligence", - tenantId: "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - tipLookbackPeriod: new Date("2020-01-01T13:00:30.123Z") - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.createOrUpdate( - resourceGroupName, - workspaceName, - dataConnectorId, - dataConnector - ); - console.log(result); -} - -createsOrUpdatesAnThreatIntelligencePlatformDataConnector().catch( - console.error -); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAApiPollingDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAApiPollingDataConnector.ts deleted file mode 100644 index 16aa8500a3d4..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAApiPollingDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the data connector. - * - * @summary Delete the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAApiPollingDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.delete( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -deleteAApiPollingDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteABookmark.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteABookmark.ts deleted file mode 100644 index af5b85f047c9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteABookmark.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the bookmark. - * - * @summary Delete the bookmark. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/DeleteBookmark.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteABookmark() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarks.delete( - resourceGroupName, - workspaceName, - bookmarkId - ); - console.log(result); -} - -deleteABookmark().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAGenericUiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAGenericUiDataConnector.ts deleted file mode 100644 index 14b9953455c2..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAGenericUiDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the data connector. - * - * @summary Delete the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DeleteGenericUI.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAGenericUiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.delete( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -deleteAGenericUiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteASourceControl.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteASourceControl.ts deleted file mode 100644 index 1b1fae5498dc..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteASourceControl.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete a source control. - * - * @summary Delete a source control. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteASourceControl() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sourceControlId = "789e0c1f-4a3d-43ad-809c-e713b677b04a"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sourceControls.delete( - resourceGroupName, - workspaceName, - sourceControlId - ); - console.log(result); -} - -deleteASourceControl().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAThreatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAThreatIntelligenceIndicator.ts deleted file mode 100644 index c42fe7c78323..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAThreatIntelligenceIndicator.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete a threat intelligence indicator. - * - * @summary Delete a threat intelligence indicator. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAThreatIntelligenceIndicator() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.delete( - resourceGroupName, - workspaceName, - name - ); - console.log(result); -} - -deleteAThreatIntelligenceIndicator().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlist.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlist.ts deleted file mode 100644 index 80f673be5f60..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlist.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete a watchlist. - * - * @summary Delete a watchlist. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlist.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAWatchlist() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlists.delete( - resourceGroupName, - workspaceName, - watchlistAlias - ); - console.log(result); -} - -deleteAWatchlist().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlistItem.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlistItem.ts deleted file mode 100644 index c950f5853294..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAWatchlistItem.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete a watchlist item. - * - * @summary Delete a watchlist item. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlistItem.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAWatchlistItem() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const watchlistItemId = "4008512e-1d30-48b2-9ee2-d3612ed9d3ea"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlistItems.delete( - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId - ); - console.log(result); -} - -deleteAWatchlistItem().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnActionOfAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnActionOfAlertRule.ts deleted file mode 100644 index 729b1ec31bc8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnActionOfAlertRule.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the action of alert rule. - * - * @summary Delete the action of alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/DeleteActionOfAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnActionOfAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const actionId = "912bec42-cb66-4c03-ac63-1761b6898c3e"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.actions.delete( - resourceGroupName, - workspaceName, - ruleId, - actionId - ); - console.log(result); -} - -deleteAnActionOfAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAlertRule.ts deleted file mode 100644 index c0b7a94ce5f5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAlertRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the alert rule. - * - * @summary Delete the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/DeleteAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.delete( - resourceGroupName, - workspaceName, - ruleId - ); - console.log(result); -} - -deleteAnAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAutomationRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAutomationRule.ts deleted file mode 100644 index 14f322df81f7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnAutomationRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the automation rule. - * - * @summary Delete the automation rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/DeleteAutomationRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnAutomationRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const automationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.automationRules.delete( - resourceGroupName, - workspaceName, - automationRuleId - ); - console.log(result); -} - -deleteAnAutomationRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnEntityQuery.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnEntityQuery.ts deleted file mode 100644 index a829131fdb7b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnEntityQuery.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the entity query. - * - * @summary Delete the entity query. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/DeleteEntityQuery.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnEntityQuery() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityQueryId = "07da3cc8-c8ad-4710-a44e-334cdcb7882b"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityQueries.delete( - resourceGroupName, - workspaceName, - entityQueryId - ); - console.log(result); -} - -deleteAnEntityQuery().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnIncident.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnIncident.ts deleted file mode 100644 index cb0bba6ea3f1..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnIncident.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the incident. - * - * @summary Delete the incident. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/DeleteIncident.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnIncident() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.delete( - resourceGroupName, - workspaceName, - incidentId - ); - console.log(result); -} - -deleteAnIncident().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOffice365DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOffice365DataConnector.ts deleted file mode 100644 index ffe717638cd5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOffice365DataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the data connector. - * - * @summary Delete the data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnOffice365DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.delete( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -deleteAnOffice365DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOfficeConsent.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOfficeConsent.ts deleted file mode 100644 index 644f4b017c3f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteAnOfficeConsent.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the office365 consent. - * - * @summary Delete the office365 consent. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteAnOfficeConsent() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const consentId = "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.officeConsents.delete( - resourceGroupName, - workspaceName, - consentId - ); - console.log(result); -} - -deleteAnOfficeConsent().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteEyesOnSettings.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteEyesOnSettings.ts deleted file mode 100644 index 2fb0ff17a92c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteEyesOnSettings.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete setting of the product. - * - * @summary Delete setting of the product. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/DeleteEyesOnSetting.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteEyesOnSettings() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const settingsName = "EyesOn"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.productSettings.delete( - resourceGroupName, - workspaceName, - settingsName - ); - console.log(result); -} - -deleteEyesOnSettings().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteMetadata.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteMetadata.ts deleted file mode 100644 index 8cf5605716c8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteMetadata.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete a Metadata. - * - * @summary Delete a Metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/DeleteMetadata.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteMetadata() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const metadataName = "metadataName"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.metadata.delete( - resourceGroupName, - workspaceName, - metadataName - ); - console.log(result); -} - -deleteMetadata().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteSentinelOnboardingState.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteSentinelOnboardingState.ts deleted file mode 100644 index 02cbcc29622a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteSentinelOnboardingState.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete Sentinel onboarding state - * - * @summary Delete Sentinel onboarding state - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteSentinelOnboardingState() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sentinelOnboardingStateName = "default"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sentinelOnboardingStates.delete( - resourceGroupName, - workspaceName, - sentinelOnboardingStateName - ); - console.log(result); -} - -deleteSentinelOnboardingState().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheBookmarkRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheBookmarkRelation.ts deleted file mode 100644 index 24ca75fb9a3d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheBookmarkRelation.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the bookmark relation. - * - * @summary Delete the bookmark relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteTheBookmarkRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "2216d0e1-91e3-4902-89fd-d2df8c535096"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarkRelations.delete( - resourceGroupName, - workspaceName, - bookmarkId, - relationName - ); - console.log(result); -} - -deleteTheBookmarkRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentComment.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentComment.ts deleted file mode 100644 index 504a10296ae9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentComment.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the incident comment. - * - * @summary Delete the incident comment. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/DeleteIncidentComment.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteTheIncidentComment() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const incidentCommentId = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentComments.delete( - resourceGroupName, - workspaceName, - incidentId, - incidentCommentId - ); - console.log(result); -} - -deleteTheIncidentComment().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentRelation.ts deleted file mode 100644 index 218bee4f1c0c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/deleteTheIncidentRelation.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Delete the incident relation. - * - * @summary Delete the incident relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function deleteTheIncidentRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentRelations.delete( - resourceGroupName, - workspaceName, - incidentId, - relationName - ); - console.log(result); -} - -deleteTheIncidentRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/disconnectAnApiPollingDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/disconnectAnApiPollingDataConnector.ts deleted file mode 100644 index 303a04f33542..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/disconnectAnApiPollingDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Disconnect a data connector. - * - * @summary Disconnect a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function disconnectAnApiPollingDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.disconnect( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -disconnectAnApiPollingDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/entityInsight.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/entityInsight.ts deleted file mode 100644 index 4cbff14eee7a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/entityInsight.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Execute Insights for an entity. - * - * @summary Execute Insights for an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/insights/PostGetInsights.json - */ -import { - EntityGetInsightsParameters, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function entityInsight() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const parameters: EntityGetInsightsParameters = { - addDefaultExtendedTimeRange: false, - endTime: new Date("2021-10-01T00:00:00.000Z"), - insightQueryIds: ["cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"], - startTime: new Date("2021-09-01T00:00:00.000Z") - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.getInsights( - resourceGroupName, - workspaceName, - entityId, - parameters - ); - console.log(result); -} - -entityInsight().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/entityTimeline.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/entityTimeline.ts deleted file mode 100644 index f5cc25480e29..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/entityTimeline.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Timeline for an entity. - * - * @summary Timeline for an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/timeline/PostTimelineEntity.json - */ -import { - EntityTimelineParameters, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function entityTimeline() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const parameters: EntityTimelineParameters = { - endTime: new Date("2021-10-01T00:00:00.000Z"), - numberOfBucket: 4, - startTime: new Date("2021-09-01T00:00:00.000Z") - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entitiesGetTimeline.list( - resourceGroupName, - workspaceName, - entityId, - parameters - ); - console.log(result); -} - -entityTimeline().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnBookmark.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnBookmark.ts deleted file mode 100644 index a7fb4b5f084a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnBookmark.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Expand an bookmark - * - * @summary Expand an bookmark - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json - */ -import { - BookmarkExpandParameters, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function expandAnBookmark() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const parameters: BookmarkExpandParameters = { - endTime: new Date("2020-01-24T17:21:00.000Z"), - expansionId: "27f76e63-c41b-480f-bb18-12ad2e011d49", - startTime: new Date("2019-12-25T17:21:00.000Z") - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarkOperations.expand( - resourceGroupName, - workspaceName, - bookmarkId, - parameters - ); - console.log(result); -} - -expandAnBookmark().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnEntity.ts deleted file mode 100644 index a71657d9ba60..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/expandAnEntity.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Expands an entity. - * - * @summary Expands an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/expand/PostExpandEntity.json - */ -import { - EntityExpandParameters, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function expandAnEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const parameters: EntityExpandParameters = { - endTime: new Date("2019-05-26T00:00:00.000Z"), - expansionId: "a77992f3-25e9-4d01-99a4-5ff606cc410a", - startTime: new Date("2019-04-25T00:00:00.000Z") - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.expand( - resourceGroupName, - workspaceName, - entityId, - parameters - ); - console.log(result); -} - -expandAnEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAApiPollingDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAApiPollingDataConnector.ts deleted file mode 100644 index aa27fcc29059..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAApiPollingDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAPIPolling.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAApiPollingDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAApiPollingDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAAscDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAAscDataConnector.ts deleted file mode 100644 index 0a9f1a555367..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAAscDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAAscDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAAscDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmark.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmark.ts deleted file mode 100644 index 47f2583ac60b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmark.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a bookmark. - * - * @summary Gets a bookmark. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarkById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getABookmark() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarks.get( - resourceGroupName, - workspaceName, - bookmarkId - ); - console.log(result); -} - -getABookmark().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmarkRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmarkRelation.ts deleted file mode 100644 index f7eb7772c46e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getABookmarkRelation.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a bookmark relation. - * - * @summary Gets a bookmark relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getABookmarkRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "2216d0e1-91e3-4902-89fd-d2df8c535096"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.bookmarkRelations.get( - resourceGroupName, - workspaceName, - bookmarkId, - relationName - ); - console.log(result); -} - -getABookmarkRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getACloudApplicationEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getACloudApplicationEntity.ts deleted file mode 100644 index 3f3178a8cb1a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getACloudApplicationEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetCloudApplicationEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getACloudApplicationEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getACloudApplicationEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getADnsEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getADnsEntity.ts deleted file mode 100644 index bd3e1994a6df..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getADnsEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetDnsEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getADnsEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "f4e74920-f2c0-4412-a45f-66d94fdf01f8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getADnsEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getADynamics365DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getADynamics365DataConnector.ts deleted file mode 100644 index 89f801108394..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getADynamics365DataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getADynamics365DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c2541efb-c9a6-47fe-9501-87d1017d1512"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getADynamics365DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileEntity.ts deleted file mode 100644 index f5c3bddf3ade..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetFileEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAFileEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "af378b21-b4aa-4fe7-bc70-13f8621a322f"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAFileEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileHashEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileHashEntity.ts deleted file mode 100644 index b77e91dfbd63..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFileHashEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetFileHashEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAFileHashEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "ea359fa6-c1e5-f878-e105-6344f3e399a1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAFileHashEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFusionAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAFusionAlertRule.ts deleted file mode 100644 index b74fa8d29fe9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAFusionAlertRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the alert rule. - * - * @summary Gets the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetFusionAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAFusionAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "myFirstFusionRule"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.get( - resourceGroupName, - workspaceName, - ruleId - ); - console.log(result); -} - -getAFusionAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAGenericUiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAGenericUiDataConnector.ts deleted file mode 100644 index c4199b14af4c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAGenericUiDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetGenericUI.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAGenericUiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "316ec55e-7138-4d63-ab18-90c8a60fd1c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAGenericUiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAHostEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAHostEntity.ts deleted file mode 100644 index 2f03bf3e64e2..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAHostEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetHostEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAHostEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAHostEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailClusterEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailClusterEntity.ts deleted file mode 100644 index f88ff274d854..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailClusterEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetMailClusterEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMailClusterEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAMailClusterEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailMessageEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailMessageEntity.ts deleted file mode 100644 index c5e7e485e050..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailMessageEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetMailMessageEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMailMessageEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAMailMessageEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailboxEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailboxEntity.ts deleted file mode 100644 index 48682a675ae5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMailboxEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetMailboxEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMailboxEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAMailboxEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMalwareEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMalwareEntity.ts deleted file mode 100644 index b5c0d80350c3..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMalwareEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetMalwareEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMalwareEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "af378b21-b4aa-4fe7-bc70-13f8621a322f"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAMalwareEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMcasDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMcasDataConnector.ts deleted file mode 100644 index 641c9044f6bd..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMcasDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMcasDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "b96d014d-b5c2-4a01-9aba-a8058f629d42"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAMcasDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMdatpDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMdatpDataConnector.ts deleted file mode 100644 index 57afb5c94428..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMdatpDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMdatpDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "06b3ccb8-1384-4bcc-aec7-852f6d57161b"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAMdatpDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftSecurityIncidentCreationRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftSecurityIncidentCreationRule.ts deleted file mode 100644 index bed861f353ac..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftSecurityIncidentCreationRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the alert rule. - * - * @summary Gets the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMicrosoftSecurityIncidentCreationRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "microsoftSecurityIncidentCreationRuleExample"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.get( - resourceGroupName, - workspaceName, - ruleId - ); - console.log(result); -} - -getAMicrosoftSecurityIncidentCreationRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatIntelligenceDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatIntelligenceDataConnector.ts deleted file mode 100644 index 665cc2d484e8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatIntelligenceDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMicrosoftThreatIntelligenceDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAMicrosoftThreatIntelligenceDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatProtectionDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatProtectionDataConnector.ts deleted file mode 100644 index 44478189955a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAMicrosoftThreatProtectionDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAMicrosoftThreatProtectionDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAMicrosoftThreatProtectionDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeAtpDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeAtpDataConnector.ts deleted file mode 100644 index 6a3d566602aa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeAtpDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAOfficeAtpDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "3d3e955e-33eb-401d-89a7-251c81ddd660"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAOfficeAtpDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeIrmDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeIrmDataConnector.ts deleted file mode 100644 index 6488bac4a404..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAOfficeIrmDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAOfficeIrmDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "3d3e955e-33eb-401d-89a7-251c81ddd660"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAOfficeIrmDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAProcessEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAProcessEntity.ts deleted file mode 100644 index 7b0cffa82d62..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAProcessEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetProcessEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAProcessEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "7264685c-038c-42c6-948c-38e14ef1fb98"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAProcessEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryKeyEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryKeyEntity.ts deleted file mode 100644 index 13df73f5773a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryKeyEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetRegistryKeyEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getARegistryKeyEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getARegistryKeyEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryValueEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryValueEntity.ts deleted file mode 100644 index c496a6dc4786..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getARegistryValueEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetRegistryValueEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getARegistryValueEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "dc44bd11-b348-4d76-ad29-37bf7aa41356"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getARegistryValueEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAScheduledAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAScheduledAlertRule.ts deleted file mode 100644 index b5496fcd5624..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAScheduledAlertRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the alert rule. - * - * @summary Gets the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetScheduledAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAScheduledAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.get( - resourceGroupName, - workspaceName, - ruleId - ); - console.log(result); -} - -getAScheduledAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityAlertEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityAlertEntity.ts deleted file mode 100644 index f3c2e745eb33..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityAlertEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetSecurityAlertEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getASecurityAlertEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "4aa486e0-6f85-41af-99ea-7acdce7be6c8"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getASecurityAlertEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityGroupEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityGroupEntity.ts deleted file mode 100644 index 34aa4ff3b39a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getASecurityGroupEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetSecurityGroupEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getASecurityGroupEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getASecurityGroupEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getASourceControl.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getASourceControl.ts deleted file mode 100644 index b91719879304..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getASourceControl.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a source control byt its identifier. - * - * @summary Gets a source control byt its identifier. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControlById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getASourceControl() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sourceControlId = "789e0c1f-4a3d-43ad-809c-e713b677b04a"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sourceControls.get( - resourceGroupName, - workspaceName, - sourceControlId - ); - console.log(result); -} - -getASourceControl().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getASubmissionMailEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getASubmissionMailEntity.ts deleted file mode 100644 index 15e1fc35dbf0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getASubmissionMailEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetSubmissionMailEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getASubmissionMailEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getASubmissionMailEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getATiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getATiDataConnector.ts deleted file mode 100644 index 5ec739f5fa6f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getATiDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getATiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getATiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getATiTaxiiDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getATiTaxiiDataConnector.ts deleted file mode 100644 index 8160667ac7d5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getATiTaxiiDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getATiTaxiiDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c39bb458-02a7-4b3f-b0c8-71a1d2692652"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getATiTaxiiDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAUrlEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAUrlEntity.ts deleted file mode 100644 index 4536fecedb33..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAUrlEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetUrlEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAUrlEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAUrlEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlist.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlist.ts deleted file mode 100644 index 8eb9d170effb..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlist.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a watchlist, without its watchlist items. - * - * @summary Gets a watchlist, without its watchlist items. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistByAlias.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAWatchlist() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlists.get( - resourceGroupName, - workspaceName, - watchlistAlias - ); - console.log(result); -} - -getAWatchlist().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlistItem.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlistItem.ts deleted file mode 100644 index 89ab54634d61..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAWatchlistItem.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a watchlist, without its watchlist items. - * - * @summary Gets a watchlist, without its watchlist items. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItemById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAWatchlistItem() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const watchlistItemId = "3f8901fe-63d9-4875-9ad5-9fb3b8105797"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.watchlistItems.get( - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId - ); - console.log(result); -} - -getAWatchlistItem().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAlertRuleTemplateById.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAlertRuleTemplateById.ts deleted file mode 100644 index ae6eceb0493a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAlertRuleTemplateById.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the alert rule template. - * - * @summary Gets the alert rule template. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAlertRuleTemplateById() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const alertRuleTemplateId = "65360bb0-8986-4ade-a89d-af3cf44d28aa"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRuleTemplates.get( - resourceGroupName, - workspaceName, - alertRuleTemplateId - ); - console.log(result); -} - -getAlertRuleTemplateById().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllActionsOfAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllActionsOfAlertRule.ts deleted file mode 100644 index 21af1357efb9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllActionsOfAlertRule.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all actions of alert rule. - * - * @summary Gets all actions of alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetAllActionsByAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllActionsOfAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.actions.listByAlertRule( - resourceGroupName, - workspaceName, - ruleId - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllActionsOfAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRuleTemplates.ts deleted file mode 100644 index 21764f1ce5cf..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRuleTemplates.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all alert rule templates. - * - * @summary Gets all alert rule templates. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllAlertRuleTemplates() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.alertRuleTemplates.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllAlertRuleTemplates().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRules.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRules.ts deleted file mode 100644 index 26052edda0f3..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAlertRules.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all alert rules. - * - * @summary Gets all alert rules. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetAllAlertRules.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllAlertRules() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.alertRules.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllAlertRules().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAutomationRules.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAutomationRules.ts deleted file mode 100644 index 645907382dd9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllAutomationRules.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all automation rules. - * - * @summary Gets all automation rules. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAllAutomationRules.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllAutomationRules() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.automationRules.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllAutomationRules().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarkRelations.ts deleted file mode 100644 index a1068e4d6a19..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarkRelations.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all bookmark relations. - * - * @summary Gets all bookmark relations. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllBookmarkRelations() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const bookmarkId = "2216d0e1-91e3-4902-89fd-d2df8c535096"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.bookmarkRelations.list( - resourceGroupName, - workspaceName, - bookmarkId - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllBookmarkRelations().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarks.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarks.ts deleted file mode 100644 index fc0a3f851e4e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllBookmarks.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all bookmarks. - * - * @summary Gets all bookmarks. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarks.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllBookmarks() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.bookmarks.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllBookmarks().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllDataConnectors.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllDataConnectors.ts deleted file mode 100644 index 520ed9fe6474..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllDataConnectors.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all data connectors. - * - * @summary Gets all data connectors. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetDataConnectors.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllDataConnectors() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.dataConnectors.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllDataConnectors().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntities.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntities.ts deleted file mode 100644 index 35a53889d3b3..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntities.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all entities. - * - * @summary Gets all entities. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetEntities.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllEntities() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.entities.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllEntities().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueries.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueries.ts deleted file mode 100644 index 5a7c7df049c7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueries.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all entity queries. - * - * @summary Gets all entity queries. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetEntityQueries.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllEntityQueries() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const kind = "Expansion"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const options = { kind: kind }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.entityQueries.list( - resourceGroupName, - workspaceName, - options - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllEntityQueries().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueryTemplates.ts deleted file mode 100644 index 00c5d2864798..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllEntityQueryTemplates.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all entity query templates. - * - * @summary Gets all entity query templates. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllEntityQueryTemplates() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.entityQueryTemplates.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllEntityQueryTemplates().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentAlerts.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentAlerts.ts deleted file mode 100644 index 684ebf333449..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentAlerts.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incident alerts. - * - * @summary Gets all incident alerts. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentAlerts.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllIncidentAlerts() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.listAlerts( - resourceGroupName, - workspaceName, - incidentId - ); - console.log(result); -} - -getAllIncidentAlerts().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentBookmarks.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentBookmarks.ts deleted file mode 100644 index b84bab8b8520..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentBookmarks.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incident bookmarks. - * - * @summary Gets all incident bookmarks. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentBookmarks.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllIncidentBookmarks() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.listBookmarks( - resourceGroupName, - workspaceName, - incidentId - ); - console.log(result); -} - -getAllIncidentBookmarks().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentComments.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentComments.ts deleted file mode 100644 index 422aa1660c5c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentComments.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incident comments. - * - * @summary Gets all incident comments. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetAllIncidentComments.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllIncidentComments() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.incidentComments.list( - resourceGroupName, - workspaceName, - incidentId - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllIncidentComments().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentRelations.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentRelations.ts deleted file mode 100644 index c80a61685410..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidentRelations.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incident relations. - * - * @summary Gets all incident relations. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllIncidentRelations() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.incidentRelations.list( - resourceGroupName, - workspaceName, - incidentId - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllIncidentRelations().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidents.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidents.ts deleted file mode 100644 index ba75b5240dc5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllIncidents.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incidents. - * - * @summary Gets all incidents. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidents.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllIncidents() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const orderby = "properties/createdTimeUtc desc"; - const top = 1; - const options = { orderby: orderby, top: top }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.incidents.list( - resourceGroupName, - workspaceName, - options - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllIncidents().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadata.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadata.ts deleted file mode 100644 index ed6562506118..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadata.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to List of all metadata - * - * @summary List of all metadata - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetAllMetadata.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllMetadata() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.metadata.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllMetadata().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadataWithODataFilterOrOrderbyOrSkipOrTop.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadataWithODataFilterOrOrderbyOrSkipOrTop.ts deleted file mode 100644 index 7a9cf78d91e0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllMetadataWithODataFilterOrOrderbyOrSkipOrTop.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to List of all metadata - * - * @summary List of all metadata - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetAllMetadataOData.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllMetadataWithODataFilterOrOrderbyOrSkipOrTop() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.metadata.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllMetadataWithODataFilterOrOrderbyOrSkipOrTop().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllOfficeConsents.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllOfficeConsents.ts deleted file mode 100644 index a6277ab187e0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllOfficeConsents.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all office365 consents. - * - * @summary Gets all office365 consents. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsents.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllOfficeConsents() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.officeConsents.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllOfficeConsents().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllRelationsOfAnEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllRelationsOfAnEntity.ts deleted file mode 100644 index d00a1cc3751e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllRelationsOfAnEntity.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all relations of an entity. - * - * @summary Gets all relations of an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetAllEntityRelations.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllRelationsOfAnEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.entitiesRelations.list( - resourceGroupName, - workspaceName, - entityId - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllRelationsOfAnEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSentinelOnboardingStates.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSentinelOnboardingStates.ts deleted file mode 100644 index d943eb13fd8a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSentinelOnboardingStates.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all Sentinel onboarding states - * - * @summary Gets all Sentinel onboarding states - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllSentinelOnboardingStates() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sentinelOnboardingStates.list( - resourceGroupName, - workspaceName - ); - console.log(result); -} - -getAllSentinelOnboardingStates().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSettings.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSettings.ts deleted file mode 100644 index ab9f04e64d7d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSettings.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to List of all the settings - * - * @summary List of all the settings - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetAllSettings.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllSettings() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.productSettings.list( - resourceGroupName, - workspaceName - ); - console.log(result); -} - -getAllSettings().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSourceControls.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSourceControls.ts deleted file mode 100644 index 06a4d95c429e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllSourceControls.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all source controls, without source control items. - * - * @summary Gets all source controls, without source control items. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControls.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllSourceControls() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.sourceControls.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllSourceControls().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllThreatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllThreatIntelligenceIndicators.ts deleted file mode 100644 index 8fb80bc3bca6..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllThreatIntelligenceIndicators.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get all threat intelligence indicators. - * - * @summary Get all threat intelligence indicators. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllThreatIntelligenceIndicators() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.threatIntelligenceIndicators.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllThreatIntelligenceIndicators().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlistItems.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlistItems.ts deleted file mode 100644 index 71f2ee457802..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlistItems.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all watchlist Items. - * - * @summary Gets all watchlist Items. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItems.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllWatchlistItems() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const watchlistAlias = "highValueAsset"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.watchlistItems.list( - resourceGroupName, - workspaceName, - watchlistAlias - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllWatchlistItems().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlists.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlists.ts deleted file mode 100644 index c45edd1c79f0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAllWatchlists.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all watchlists, without watchlist items. - * - * @summary Gets all watchlists, without watchlist items. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlists.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAllWatchlists() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.watchlists.list( - resourceGroupName, - workspaceName - )) { - resArray.push(item); - } - console.log(resArray); -} - -getAllWatchlists().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAadDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAadDataConnector.ts deleted file mode 100644 index cb0b0029bebd..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAadDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAadDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAnAadDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAatpDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAatpDataConnector.ts deleted file mode 100644 index f018187b66cd..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAatpDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAatpDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "07e42cb3-e658-4e90-801c-efa0f29d3d44"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAnAatpDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAccountEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAccountEntity.ts deleted file mode 100644 index c8c704467bed..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAccountEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetAccountEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAccountEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAnAccountEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActionOfAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActionOfAlertRule.ts deleted file mode 100644 index ac12ef5fb24c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActionOfAlertRule.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the action of alert rule. - * - * @summary Gets the action of alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetActionOfAlertRuleById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnActionOfAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const actionId = "912bec42-cb66-4c03-ac63-1761b6898c3e"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.actions.get( - resourceGroupName, - workspaceName, - ruleId, - actionId - ); - console.log(result); -} - -getAnActionOfAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQuery.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQuery.ts deleted file mode 100644 index a6d9b71be07f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQuery.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity query. - * - * @summary Gets an entity query. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnActivityEntityQuery() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityQueryId = "07da3cc8-c8ad-4710-a44e-334cdcb7882b"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityQueries.get( - resourceGroupName, - workspaceName, - entityQueryId - ); - console.log(result); -} - -getAnActivityEntityQuery().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQueryTemplate.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQueryTemplate.ts deleted file mode 100644 index 73e457c09f6c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnActivityEntityQueryTemplate.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity query. - * - * @summary Gets an entity query. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnActivityEntityQueryTemplate() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityQueryTemplateId = "07da3cc8-c8ad-4710-a44e-334cdcb7882b"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityQueryTemplates.get( - resourceGroupName, - workspaceName, - entityQueryTemplateId - ); - console.log(result); -} - -getAnActivityEntityQueryTemplate().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAutomationRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAutomationRule.ts deleted file mode 100644 index d5aadec1afb2..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAutomationRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the automation rule. - * - * @summary Gets the automation rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAutomationRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAutomationRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const automationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.automationRules.get( - resourceGroupName, - workspaceName, - automationRuleId - ); - console.log(result); -} - -getAnAutomationRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsCloudTrailDataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsCloudTrailDataConnector.ts deleted file mode 100644 index d7c181800c4a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsCloudTrailDataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAwsCloudTrailDataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAnAwsCloudTrailDataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsS3DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsS3DataConnector.ts deleted file mode 100644 index 80a043399230..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAwsS3DataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAwsS3DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "afef3743-0c88-469c-84ff-ca2e87dc1e48"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAnAwsS3DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAzureResourceEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAzureResourceEntity.ts deleted file mode 100644 index de6880c2263e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnAzureResourceEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetAzureResourceEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnAzureResourceEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAnAzureResourceEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnEntityRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnEntityRelation.ts deleted file mode 100644 index f241df0a73a4..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnEntityRelation.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity relation. - * - * @summary Gets an entity relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetEntityRelationByName.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnEntityRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityRelations.getRelation( - resourceGroupName, - workspaceName, - entityId, - relationName - ); - console.log(result); -} - -getAnEntityRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnExpansionEntityQuery.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnExpansionEntityQuery.ts deleted file mode 100644 index 47d100baf970..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnExpansionEntityQuery.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity query. - * - * @summary Gets an entity query. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnExpansionEntityQuery() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityQueryId = "07da3cc8-c8ad-4710-a44e-334cdcb7882b"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entityQueries.get( - resourceGroupName, - workspaceName, - entityQueryId - ); - console.log(result); -} - -getAnExpansionEntityQuery().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIPEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIPEntity.ts deleted file mode 100644 index b3bbc0a4c562..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIPEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetIpEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnIPEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAnIPEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncident.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncident.ts deleted file mode 100644 index 67c3bb6fb54f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncident.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an incident. - * - * @summary Gets an incident. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidentById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnIncident() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.get( - resourceGroupName, - workspaceName, - incidentId - ); - console.log(result); -} - -getAnIncident().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentComment.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentComment.ts deleted file mode 100644 index 1cef0ba579c1..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentComment.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an incident comment. - * - * @summary Gets an incident comment. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetIncidentCommentById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnIncidentComment() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const incidentCommentId = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentComments.get( - resourceGroupName, - workspaceName, - incidentId, - incidentCommentId - ); - console.log(result); -} - -getAnIncidentComment().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentRelation.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentRelation.ts deleted file mode 100644 index 61a9adf59ba6..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIncidentRelation.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an incident relation. - * - * @summary Gets an incident relation. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnIncidentRelation() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const relationName = "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidentRelations.get( - resourceGroupName, - workspaceName, - incidentId, - relationName - ); - console.log(result); -} - -getAnIncidentRelation().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIoTDeviceEntity.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIoTDeviceEntity.ts deleted file mode 100644 index 638568cf5711..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnIoTDeviceEntity.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an entity. - * - * @summary Gets an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetIoTDeviceEntityById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnIoTDeviceEntity() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.get( - resourceGroupName, - workspaceName, - entityId - ); - console.log(result); -} - -getAnIoTDeviceEntity().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnNrtAlertRule.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnNrtAlertRule.ts deleted file mode 100644 index 1a3922497c73..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnNrtAlertRule.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets the alert rule. - * - * @summary Gets the alert rule. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetNrtAlertRule.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnNrtAlertRule() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const ruleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.alertRules.get( - resourceGroupName, - workspaceName, - ruleId - ); - console.log(result); -} - -getAnNrtAlertRule().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOffice365DataConnector.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOffice365DataConnector.ts deleted file mode 100644 index 7c0692688e4e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOffice365DataConnector.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a data connector. - * - * @summary Gets a data connector. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnOffice365DataConnector() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const dataConnectorId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.dataConnectors.get( - resourceGroupName, - workspaceName, - dataConnectorId - ); - console.log(result); -} - -getAnOffice365DataConnector().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOfficeConsent.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOfficeConsent.ts deleted file mode 100644 index c3c6d5d1f2da..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getAnOfficeConsent.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets an office365 consent. - * - * @summary Gets an office365 consent. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getAnOfficeConsent() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const consentId = "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.officeConsents.get( - resourceGroupName, - workspaceName, - consentId - ); - console.log(result); -} - -getAnOfficeConsent().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getEntityQuery.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getEntityQuery.ts deleted file mode 100644 index cc428330a0e1..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getEntityQuery.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get Insights and Activities for an entity. - * - * @summary Get Insights and Activities for an entity. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetQueries.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getEntityQuery() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const entityId = "e1d3d618-e11f-478b-98e3-bb381539a8e1"; - const kind = "Insight"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.entities.queries( - resourceGroupName, - workspaceName, - entityId, - kind - ); - console.log(result); -} - -getEntityQuery().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getEyesOnSettings.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getEyesOnSettings.ts deleted file mode 100644 index 9156f8b35392..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getEyesOnSettings.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a setting. - * - * @summary Gets a setting. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetEyesOnSetting.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getEyesOnSettings() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const settingsName = "EyesOn"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.productSettings.get( - resourceGroupName, - workspaceName, - settingsName - ); - console.log(result); -} - -getEyesOnSettings().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getGeodataForASingleIPAddress.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getGeodataForASingleIPAddress.ts deleted file mode 100644 index a491187e3657..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getGeodataForASingleIPAddress.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get geodata for a single IP address - * - * @summary Get geodata for a single IP address - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetGeodataByIp.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getGeodataForASingleIPAddress() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const ipAddress = "1.2.3.4"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.iPGeodata.get(resourceGroupName, ipAddress); - console.log(result); -} - -getGeodataForASingleIPAddress().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getRepositoryList.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getRepositoryList.ts deleted file mode 100644 index 18b87d88d49d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getRepositoryList.ts +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets a list of repositories metadata. - * - * @summary Gets a list of repositories metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/repositories/GetRepositories.json - */ -import { RepoType, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getRepositoryList() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const repoType: RepoType = "Github"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.sourceControlOperations.listRepositories( - resourceGroupName, - workspaceName, - repoType - )) { - resArray.push(item); - } - console.log(resArray); -} - -getRepositoryList().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getSentinelOnboardingState.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getSentinelOnboardingState.ts deleted file mode 100644 index 69a533313f1d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getSentinelOnboardingState.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get Sentinel onboarding state - * - * @summary Get Sentinel onboarding state - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getSentinelOnboardingState() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const sentinelOnboardingStateName = "default"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.sentinelOnboardingStates.get( - resourceGroupName, - workspaceName, - sentinelOnboardingStateName - ); - console.log(result); -} - -getSentinelOnboardingState().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getSingleMetadataByName.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getSingleMetadataByName.ts deleted file mode 100644 index 79371928be46..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getSingleMetadataByName.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get a Metadata. - * - * @summary Get a Metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetMetadata.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getSingleMetadataByName() { - const subscriptionId = "2e1dc338-d04d-4443-b721-037eff4fdcac"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const metadataName = "metadataName"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.metadata.get( - resourceGroupName, - workspaceName, - metadataName - ); - console.log(result); -} - -getSingleMetadataByName().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getThreatIntelligenceIndicatorsMetrics.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getThreatIntelligenceIndicatorsMetrics.ts deleted file mode 100644 index c8263678cdfe..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getThreatIntelligenceIndicatorsMetrics.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). - * - * @summary Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getThreatIntelligenceIndicatorsMetrics() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicatorMetrics.list( - resourceGroupName, - workspaceName - ); - console.log(result); -} - -getThreatIntelligenceIndicatorsMetrics().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getWhoisInformationForASingleDomainName.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getWhoisInformationForASingleDomainName.ts deleted file mode 100644 index 7209b96ab755..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getWhoisInformationForASingleDomainName.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Get whois information for a single domain name - * - * @summary Get whois information for a single domain name - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetWhoisByDomainName.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getWhoisInformationForASingleDomainName() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const domain = "microsoft.com"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.domainWhois.get(resourceGroupName, domain); - console.log(result); -} - -getWhoisInformationForASingleDomainName().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/getsAllIncidentRelatedEntities.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/getsAllIncidentRelatedEntities.ts deleted file mode 100644 index 43b56e714db7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/getsAllIncidentRelatedEntities.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Gets all incident related entities. - * - * @summary Gets all incident related entities. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/entities/GetAllIncidentEntities.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function getsAllIncidentRelatedEntities() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const incidentId = "afbd324f-6c48-459c-8710-8d1e1cd03812"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.incidents.listEntities( - resourceGroupName, - workspaceName, - incidentId - ); - console.log(result); -} - -getsAllIncidentRelatedEntities().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/queryThreatIntelligenceIndicatorsAsPerFilteringCriteria.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/queryThreatIntelligenceIndicatorsAsPerFilteringCriteria.ts deleted file mode 100644 index 76267bb0da24..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/queryThreatIntelligenceIndicatorsAsPerFilteringCriteria.ts +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Query threat intelligence indicators as per filtering criteria. - * - * @summary Query threat intelligence indicators as per filtering criteria. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json - */ -import { - ThreatIntelligenceFilteringCriteria, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function queryThreatIntelligenceIndicatorsAsPerFilteringCriteria() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria = { - maxConfidence: 80, - maxValidUntil: "2021-04-25T17:44:00.114052Z", - minConfidence: 25, - minValidUntil: "2021-04-05T17:44:00.114052Z", - pageSize: 100, - sortBy: [{ itemKey: "lastUpdatedTimeUtc", sortOrder: "descending" }], - sources: ["Azure Sentinel"] - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const resArray = new Array(); - for await (let item of client.threatIntelligenceIndicator.listQueryIndicators( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria - )) { - resArray.push(item); - } - console.log(resArray); -} - -queryThreatIntelligenceIndicatorsAsPerFilteringCriteria().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/replaceTagsToAThreatIntelligence.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/replaceTagsToAThreatIntelligence.ts deleted file mode 100644 index ff333677079d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/replaceTagsToAThreatIntelligence.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Replace tags added to a threat intelligence indicator. - * - * @summary Replace tags added to a threat intelligence indicator. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json - */ -import { - ThreatIntelligenceIndicatorModelForRequestBody, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function replaceTagsToAThreatIntelligence() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"; - const threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody = { - etag: '"0000262c-0000-0800-0000-5e9767060000"', - kind: "indicator", - threatIntelligenceTags: ["patching tags"] - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.replaceTags( - resourceGroupName, - workspaceName, - name, - threatIntelligenceReplaceTags - ); - console.log(result); -} - -replaceTagsToAThreatIntelligence().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/updateAThreatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/updateAThreatIntelligenceIndicator.ts deleted file mode 100644 index 10113e30467f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/updateAThreatIntelligenceIndicator.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Update a threat Intelligence indicator. - * - * @summary Update a threat Intelligence indicator. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json - */ -import { - ThreatIntelligenceIndicatorModelForRequestBody, - SecurityInsights -} from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function updateAThreatIntelligenceIndicator() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const name = "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"; - const threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody = { - description: "debugging indicators", - confidence: 78, - createdByRef: "contoso@contoso.com", - displayName: "new schema", - externalReferences: [], - granularMarkings: [], - killChainPhases: [], - kind: "indicator", - labels: [], - modified: "", - pattern: "[url:value = 'https://www.contoso.com']", - patternType: "url", - revoked: false, - source: "Azure Sentinel", - threatIntelligenceTags: ["new schema"], - threatTypes: ["compromised"], - validFrom: "2020-04-15T17:44:00.114052Z", - validUntil: "" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.create( - resourceGroupName, - workspaceName, - name, - threatIntelligenceProperties - ); - console.log(result); -} - -updateAThreatIntelligenceIndicator().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/updateEyesOnSettings.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/updateEyesOnSettings.ts deleted file mode 100644 index e4cdde71626c..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/updateEyesOnSettings.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Updates setting. - * - * @summary Updates setting. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/UpdateEyesOnSetting.json - */ -import { EyesOn, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function updateEyesOnSettings() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const settingsName = "EyesOn"; - const settings: EyesOn = { - etag: '"0300bf09-0000-0000-0000-5c37296e0000"', - kind: "EyesOn" - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.productSettings.update( - resourceGroupName, - workspaceName, - settingsName, - settings - ); - console.log(result); -} - -updateEyesOnSettings().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/updateMetadata.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/updateMetadata.ts deleted file mode 100644 index 57e0d8d95556..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/updateMetadata.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to Update an existing Metadata. - * - * @summary Update an existing Metadata. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PatchMetadata.json - */ -import { MetadataPatch, SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function updateMetadata() { - const subscriptionId = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const metadataName = "metadataName"; - const metadataPatch: MetadataPatch = { - author: { name: "User Name", email: "email@microsoft.com" } - }; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.metadata.update( - resourceGroupName, - workspaceName, - metadataName, - metadataPatch - ); - console.log(result); -} - -updateMetadata().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/samples-dev/viewAThreatIntelligenceIndicatorByName.ts b/sdk/securityinsight/arm-securityinsight/samples-dev/viewAThreatIntelligenceIndicatorByName.ts deleted file mode 100644 index ef17e1d713ab..000000000000 --- a/sdk/securityinsight/arm-securityinsight/samples-dev/viewAThreatIntelligenceIndicatorByName.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT License. -/** - * This sample demonstrates how to View a threat intelligence indicator by name. - * - * @summary View a threat intelligence indicator by name. - * x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json - */ -import { SecurityInsights } from "@azure/arm-securityinsight"; -import { DefaultAzureCredential } from "@azure/identity"; - -async function viewAThreatIntelligenceIndicatorByName() { - const subscriptionId = "bd794837-4d29-4647-9105-6339bfdb4e6a"; - const resourceGroupName = "myRg"; - const workspaceName = "myWorkspace"; - const name = "e16ef847-962e-d7b6-9c8b-a33e4bd30e47"; - const credential = new DefaultAzureCredential(); - const client = new SecurityInsights(credential, subscriptionId); - const result = await client.threatIntelligenceIndicator.get( - resourceGroupName, - workspaceName, - name - ); - console.log(result); -} - -viewAThreatIntelligenceIndicatorByName().catch(console.error); diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index 592c467dbfea..8b0ac617196f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -8,112 +8,27 @@ import * as coreClient from "@azure/core-client"; -export type AutomationRuleConditionUnion = - | AutomationRuleCondition - | AutomationRulePropertyValuesCondition; -export type AutomationRuleActionUnion = - | AutomationRuleAction - | AutomationRuleRunPlaybookAction - | AutomationRuleModifyPropertiesAction; -export type EntityTimelineItemUnion = - | EntityTimelineItem - | ActivityTimelineItem - | BookmarkTimelineItem - | SecurityAlertTimelineItem; -export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; -export type DataConnectorsCheckRequirementsUnion = - | DataConnectorsCheckRequirements - | AADCheckRequirements - | AatpCheckRequirements - | ASCCheckRequirements - | AwsCloudTrailCheckRequirements - | AwsS3CheckRequirements - | Dynamics365CheckRequirements - | McasCheckRequirements - | MdatpCheckRequirements - | MstiCheckRequirements - | MtpCheckRequirements - | OfficeATPCheckRequirements - | OfficeIRMCheckRequirements - | TICheckRequirements - | TiTaxiiCheckRequirements; -export type AlertRuleTemplateUnion = - | AlertRuleTemplate - | MLBehaviorAnalyticsAlertRuleTemplate - | FusionAlertRuleTemplate - | ThreatIntelligenceAlertRuleTemplate - | MicrosoftSecurityIncidentCreationAlertRuleTemplate - | ScheduledAlertRuleTemplate - | NrtAlertRuleTemplate; -export type EntityUnion = - | Entity - | SecurityAlert - | HuntingBookmark - | AccountEntity - | AzureResourceEntity - | CloudApplicationEntity - | DnsEntity - | FileEntity - | FileHashEntity - | HostEntity - | IoTDeviceEntity - | IpEntity - | MailboxEntity - | MailClusterEntity - | MailMessageEntity - | MalwareEntity - | ProcessEntity - | RegistryKeyEntity - | RegistryValueEntity - | SecurityGroupEntity - | SubmissionMailEntity - | UrlEntity; -export type EntityQueryTemplateUnion = - | EntityQueryTemplate - | ActivityEntityQueryTemplate; -export type ThreatIntelligenceInformationUnion = - | ThreatIntelligenceInformation - | ThreatIntelligenceIndicatorModel; export type AlertRuleUnion = | AlertRule - | MLBehaviorAnalyticsAlertRule | FusionAlertRule - | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule - | ScheduledAlertRule - | NrtAlertRule; -export type EntityQueryUnion = - | EntityQuery - | ExpansionEntityQuery - | ActivityEntityQuery; -export type CustomEntityQueryUnion = - | CustomEntityQuery - | ActivityCustomEntityQuery; -export type SettingsUnion = - | Settings - | Anomalies - | EyesOn - | EntityAnalytics - | Ueba; + | ScheduledAlertRule; export type DataConnectorUnion = | DataConnector | AADDataConnector - | MstiDataConnector - | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector - | AwsS3DataConnector | McasDataConnector - | Dynamics365DataConnector - | OfficeATPDataConnector - | OfficeIRMDataConnector | MdatpDataConnector - | OfficeDataConnector | TIDataConnector - | TiTaxiiDataConnector - | CodelessUiDataConnector - | CodelessApiPollingDataConnector; + | OfficeDataConnector; +export type SettingsUnion = Settings | ToggleSettings | UebaSettings; +export type AlertRuleTemplateUnion = + | AlertRuleTemplate + | FusionAlertRuleTemplate + | MicrosoftSecurityIncidentCreationAlertRuleTemplate + | ScheduledAlertRuleTemplate; /** List all the alert rules. */ export interface AlertRulesList { @@ -126,64 +41,74 @@ export interface AlertRulesList { value: AlertRuleUnion[]; } -/** Common fields that are returned in the response for all Azure Resource Manager resources */ -export interface Resource { +/** An azure resource object with an Etag property */ +export interface ResourceWithEtag { /** - * Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * Azure resource Id * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly id?: string; /** - * The name of the resource + * Azure resource name * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly name?: string; /** - * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + * Azure resource type * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly type?: string; - /** - * Azure Resource Manager metadata containing createdBy and modifiedBy information. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly systemData?: SystemData; -} - -/** Metadata pertaining to creation and last modification of the resource. */ -export interface SystemData { - /** The identity that created the resource. */ - createdBy?: string; - /** The type of identity that created the resource. */ - createdByType?: CreatedByType; - /** The timestamp of resource creation (UTC). */ - createdAt?: Date; - /** The identity that last modified the resource. */ - lastModifiedBy?: string; - /** The type of identity that last modified the resource. */ - lastModifiedByType?: CreatedByType; - /** The timestamp of resource last modification (UTC) */ - lastModifiedAt?: Date; + /** Etag of the azure resource */ + etag?: string; } -/** Error response structure. */ +/** An error response for a resource management request. */ export interface CloudError { - /** Error data */ - error?: CloudErrorBody; + /** The error object of the CloudError response */ + error?: ErrorResponse; } -/** Error details. */ -export interface CloudErrorBody { +/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) */ +export interface ErrorResponse { /** - * An identifier for the error. Codes are invariant and are intended to be consumed programmatically. + * The error code. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly code?: string; /** - * A message describing the error, intended to be suitable for display in a user interface. + * The error message. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly message?: string; + /** + * The error target. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly target?: string; + /** + * The error details. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly details?: ErrorResponse[]; + /** + * The error additional info. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalInfo?: ErrorAdditionalInfo[]; +} + +/** The resource management error additional info. */ +export interface ErrorAdditionalInfo { + /** + * The additional info type. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly type?: string; + /** + * The additional info. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly info?: Record; } /** List all the actions. */ @@ -203,66 +128,34 @@ export interface ActionPropertiesBase { logicAppResourceId: string; } -/** List all the alert rule templates. */ -export interface AlertRuleTemplatesList { +/** An azure resource object */ +export interface Resource { /** - * URL to fetch the next set of alert rule templates. + * Azure resource Id * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of alert rule templates. */ - value: AlertRuleTemplateUnion[]; + readonly id?: string; + /** + * Azure resource name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly name?: string; + /** + * Azure resource type + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly type?: string; } -/** List all the automation rules. */ -export interface AutomationRulesList { +/** List all the alert rule templates. */ +export interface AlertRuleTemplatesList { /** - * URL to fetch the next set of automation rules. + * URL to fetch the next set of alert rule templates. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of automation rules. */ - value: AutomationRule[]; -} - -/** Describes automation rule triggering logic */ -export interface AutomationRuleTriggeringLogic { - /** Determines whether the automation rule is enabled or disabled. */ - isEnabled: boolean; - /** Determines when the automation rule should automatically expire and be disabled. */ - expirationTimeUtc?: Date; - /** The type of object the automation rule triggers on */ - triggersOn: TriggersOn; - /** The type of event the automation rule triggers on */ - triggersWhen: TriggersWhen; - /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ - conditions?: AutomationRuleConditionUnion[]; -} - -/** Describes an automation rule condition */ -export interface AutomationRuleCondition { - /** Polymorphic discriminator, which specifies the different types this object can be */ - conditionType: "Property"; -} - -/** Describes an automation rule action */ -export interface AutomationRuleAction { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook" | "ModifyProperties"; - /** The order of execution of the automation rule action */ - order: number; -} - -/** Information on the client (user or application) that made some action */ -export interface ClientInfo { - /** The email of the client. */ - email?: string; - /** The name of the client. */ - name?: string; - /** The object id of the client. */ - objectId?: string; - /** The user principal name of the client. */ - userPrincipalName?: string; + /** Array of alert rule templates. */ + value: AlertRuleTemplateUnion[]; } /** List all the bookmarks. */ @@ -289,7 +182,7 @@ export interface UserInfo { */ readonly name?: string; /** The object id of the user. */ - objectId?: string; + objectId: string | null; } /** Describes related incident information for the bookmark */ @@ -297,396 +190,52 @@ export interface IncidentInfo { /** Incident Id */ incidentId?: string; /** The severity of the incident */ - severity?: IncidentSeverity; + severity?: CaseSeverity; /** The title of the incident */ title?: string; /** Relation Name */ relationName?: string; } -/** List of relations. */ -export interface RelationList { - /** - * URL to fetch the next set of relations. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of relations. */ - value: Relation[]; -} - -/** The parameters required to execute an expand operation on the given bookmark. */ -export interface BookmarkExpandParameters { - /** The end date filter, so the only expansion results returned are before this date. */ - endTime?: Date; - /** The Id of the expansion to perform. */ - expansionId?: string; - /** The start date filter, so the only expansion results returned are after this date. */ - startTime?: Date; -} - -/** The entity expansion result operation response. */ -export interface BookmarkExpandResponse { - /** The metadata from the expansion operation results. */ - metaData?: ExpansionResultsMetadata; - /** The expansion result values. */ - value?: BookmarkExpandResponseValue; -} - -/** Expansion result metadata. */ -export interface ExpansionResultsMetadata { - /** Information of the aggregated nodes in the expansion result. */ - aggregations?: ExpansionResultAggregation[]; -} - -/** Information of a specific aggregation in the expansion result. */ -export interface ExpansionResultAggregation { - /** The common type of the aggregation. (for e.g. entity field name) */ - aggregationType?: string; - /** Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. */ - count: number; - /** The display name of the aggregation by type. */ - displayName?: string; - /** The kind of the aggregated entity. */ - entityKind: EntityKind; -} - -/** The expansion result values. */ -export interface BookmarkExpandResponseValue { - /** Array of the expansion result entities. */ - entities?: EntityUnion[]; - /** Array of expansion result connected entities */ - edges?: ConnectedEntity[]; -} - -/** Expansion result connected entities */ -export interface ConnectedEntity { - /** Entity Id of the connected entity */ - targetEntityId?: string; - /** key-value pairs for a connected entity mapping */ - additionalData?: Record; -} - -/** Geodata information for a given IP address */ -export interface EnrichmentIpGeodata { - /** The autonomous system number associated with this IP address */ - asn?: string; - /** The name of the carrier for this IP address */ - carrier?: string; - /** The city this IP address is located in */ - city?: string; - /** A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 */ - cityCf?: number; - /** The continent this IP address is located on */ - continent?: string; - /** The county this IP address is located in */ - country?: string; - /** A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 */ - countryCf?: number; - /** The dotted-decimal or colon-separated string representation of the IP address */ - ipAddr?: string; - /** A description of the connection type of this IP address */ - ipRoutingType?: string; - /** The latitude of this IP address */ - latitude?: string; - /** The longitude of this IP address */ - longitude?: string; - /** The name of the organization for this IP address */ - organization?: string; - /** The type of the organization for this IP address */ - organizationType?: string; - /** The geographic region this IP address is located in */ - region?: string; - /** The state this IP address is located in */ - state?: string; - /** A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 */ - stateCf?: number; - /** The abbreviated name for the state this IP address is located in */ - stateCode?: string; -} - -/** Whois information for a given domain and associated metadata */ -export interface EnrichmentDomainWhois { - /** The domain for this whois record */ - domain?: string; - /** The hostname of this registrar's whois server */ - server?: string; - /** The timestamp at which this record was created */ - created?: Date; - /** The timestamp at which this record was last updated */ - updated?: Date; - /** The timestamp at which this record will expire */ - expires?: Date; - /** The whois record for a given domain */ - parsedWhois?: EnrichmentDomainWhoisDetails; -} - -/** The whois record for a given domain */ -export interface EnrichmentDomainWhoisDetails { - /** The registrar associated with this domain */ - registrar?: EnrichmentDomainWhoisRegistrarDetails; - /** The set of contacts associated with this domain */ - contacts?: EnrichmentDomainWhoisContacts; - /** A list of name servers associated with this domain */ - nameServers?: string[]; - /** The set of status flags for this whois record */ - statuses?: string[]; -} - -/** The registrar associated with this domain */ -export interface EnrichmentDomainWhoisRegistrarDetails { - /** The name of this registrar */ - name?: string; - /** This registrar's abuse contact email */ - abuseContactEmail?: string; - /** This registrar's abuse contact phone number */ - abuseContactPhone?: string; - /** This registrar's Internet Assigned Numbers Authority id */ - ianaId?: string; - /** This registrar's URL */ - url?: string; - /** The hostname of this registrar's whois server */ - whoisServer?: string; -} - -/** The set of contacts associated with this domain */ -export interface EnrichmentDomainWhoisContacts { - /** The admin contact for this whois record */ - admin?: EnrichmentDomainWhoisContact; - /** The billing contact for this whois record */ - billing?: EnrichmentDomainWhoisContact; - /** The registrant contact for this whois record */ - registrant?: EnrichmentDomainWhoisContact; - /** The technical contact for this whois record */ - tech?: EnrichmentDomainWhoisContact; -} - -/** An individual contact associated with this domain */ -export interface EnrichmentDomainWhoisContact { - /** The name of this contact */ - name?: string; - /** The organization for this contact */ - org?: string; - /** A list describing the street address for this contact */ - street?: string[]; - /** The city for this contact */ - city?: string; - /** The state for this contact */ - state?: string; - /** The postal code for this contact */ - postal?: string; - /** The country for this contact */ - country?: string; - /** The phone number for this contact */ - phone?: string; - /** The fax number for this contact */ - fax?: string; - /** The email address for this contact */ - email?: string; -} - -/** List of all the entity queries. */ -export interface EntityQueryList { - /** - * URL to fetch the next set of entity queries. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity queries. */ - value: EntityQueryUnion[]; -} - -/** List of all the entities. */ -export interface EntityList { +/** List all the data connectors. */ +export interface DataConnectorList { /** - * URL to fetch the next set of entities. + * URL to fetch the next set of data connectors. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of entities. */ - value: EntityUnion[]; -} - -/** The parameters required to execute an expand operation on the given entity. */ -export interface EntityExpandParameters { - /** The end date filter, so the only expansion results returned are before this date. */ - endTime?: Date; - /** The Id of the expansion to perform. */ - expansionId?: string; - /** The start date filter, so the only expansion results returned are after this date. */ - startTime?: Date; -} - -/** The entity expansion result operation response. */ -export interface EntityExpandResponse { - /** The metadata from the expansion operation results. */ - metaData?: ExpansionResultsMetadata; - /** The expansion result values. */ - value?: EntityExpandResponseValue; -} - -/** The expansion result values. */ -export interface EntityExpandResponseValue { - /** Array of the expansion result entities. */ - entities?: EntityUnion[]; - /** Array of edges that connects the entity to the list of entities. */ - edges?: EntityEdges[]; -} - -/** The edge that connects the entity to the other entity. */ -export interface EntityEdges { - /** The target entity Id. */ - targetEntityId?: string; - /** A bag of custom fields that should be part of the entity and will be presented to the user. */ - additionalData?: { [propertyName: string]: Record }; -} - -/** The parameters required to execute s timeline operation on the given entity. */ -export interface EntityTimelineParameters { - /** Array of timeline Item kinds. */ - kinds?: EntityTimelineKind[]; - /** The start timeline date, so the results returned are after this date. */ - startTime: Date; - /** The end timeline date, so the results returned are before this date. */ - endTime: Date; - /** The number of bucket for timeline queries aggregation. */ - numberOfBucket?: number; -} - -/** The entity timeline result operation response. */ -export interface EntityTimelineResponse { - /** The metadata from the timeline operation results. */ - metaData?: TimelineResultsMetadata; - /** The timeline result values. */ - value?: EntityTimelineItemUnion[]; -} - -/** Expansion result metadata. */ -export interface TimelineResultsMetadata { - /** the total items found for the timeline request */ - totalCount: number; - /** timeline aggregation per kind */ - aggregations: TimelineAggregation[]; - /** information about the failure queries */ - errors?: TimelineError[]; -} - -/** timeline aggregation information per kind */ -export interface TimelineAggregation { - /** the total items found for a kind */ - count: number; - /** the query kind */ - kind: EntityTimelineKind; -} - -/** Timeline Query Errors. */ -export interface TimelineError { - /** the query kind */ - kind: EntityTimelineKind; - /** the query id */ - queryId?: string; - /** the error message */ - errorMessage: string; -} - -/** Entity timeline Item. */ -export interface EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Activity" | "Bookmark" | "SecurityAlert"; + /** Array of data connectors. */ + value: DataConnectorUnion[]; } -/** Retrieve queries for entity result operation response. */ -export interface GetQueriesResponse { - /** The query result values. */ - value?: EntityQueryItemUnion[]; +/** Lists the operations available in the SecurityInsights RP. */ +export interface OperationsList { + /** URL to fetch the next set of operations. */ + nextLink?: string; + /** Array of operations */ + value: Operation[]; } -/** An abstract Query item for entity */ -export interface EntityQueryItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Insight"; - /** - * Query Template ARM ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly id?: string; - /** Query Template ARM Name */ +/** Operation provided by provider */ +export interface Operation { + /** Properties of the operation */ + display?: OperationDisplay; + /** Name of the operation */ name?: string; - /** ARM Type */ - type?: string; -} - -/** The parameters required to execute insights operation on the given entity. */ -export interface EntityGetInsightsParameters { - /** The start timeline date, so the results returned are after this date. */ - startTime: Date; - /** The end timeline date, so the results returned are before this date. */ - endTime: Date; - /** Indicates if query time range should be extended with default time range of the query. Default value is false */ - addDefaultExtendedTimeRange?: boolean; - /** List of Insights Query Id. If empty, default value is all insights of this entity */ - insightQueryIds?: string[]; -} - -/** The Get Insights result operation response. */ -export interface EntityGetInsightsResponse { - /** The metadata from the get insights operation results. */ - metaData?: GetInsightsResultsMetadata; - /** The insights result values. */ - value?: EntityInsightItem[]; -} - -/** Get Insights result metadata. */ -export interface GetInsightsResultsMetadata { - /** the total items found for the insights request */ - totalCount: number; - /** information about the failed queries */ - errors?: GetInsightsError[]; -} - -/** GetInsights Query Errors. */ -export interface GetInsightsError { - /** the query kind */ - kind: "Insight"; - /** the query id */ - queryId?: string; - /** the error message */ - errorMessage: string; -} - -/** Entity insight Item. */ -export interface EntityInsightItem { - /** The query id of the insight */ - queryId?: string; - /** The Time interval that the query actually executed on. */ - queryTimeInterval?: EntityInsightItemQueryTimeInterval; - /** Query results for table insights query. */ - tableQueryResults?: InsightsTableResult; - /** Query results for table insights query. */ - chartQueryResults?: InsightsTableResult[]; -} - -/** The Time interval that the query actually executed on. */ -export interface EntityInsightItemQueryTimeInterval { - /** Insight query start time */ - startTime?: Date; - /** Insight query end time */ - endTime?: Date; -} - -/** Query results for table insights query. */ -export interface InsightsTableResult { - /** Columns Metadata of the table */ - columns?: InsightsTableResultColumnsItem[]; - /** Rows data of the table */ - rows?: string[][]; + /** The origin of the operation */ + origin?: string; } -export interface InsightsTableResultColumnsItem { - /** the type of the colum */ - type?: string; - /** the name of the colum */ - name?: string; +/** Properties of the operation */ +export interface OperationDisplay { + /** Description of the operation */ + description?: string; + /** Operation name */ + operation?: string; + /** Provider name */ + provider?: string; + /** Resource name */ + resource?: string; } /** List all the incidents. */ @@ -750,92 +299,6 @@ export interface IncidentOwnerInfo { objectId?: string; /** The user principal name of the user the incident is assigned to. */ userPrincipalName?: string; - /** - * The type of the owner the incident is assigned to. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ownerType?: OwnerType; -} - -/** Describes team information */ -export interface TeamInformation { - /** - * Team ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly teamId?: string; - /** - * The primary channel URL of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly primaryChannelUrl?: string; - /** - * The time the team was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly teamCreationTimeUtc?: Date; - /** - * The name of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly name?: string; - /** - * The description of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; -} - -/** Describes team properties */ -export interface TeamProperties { - /** The name of the team */ - teamName: string; - /** The description of the team */ - teamDescription?: string; - /** List of member IDs to add to the team */ - memberIds?: string[]; - /** List of group IDs to add their members to the team */ - groupIds?: string[]; -} - -/** List of incident alerts. */ -export interface IncidentAlertList { - /** Array of incident alerts. */ - value: SecurityAlert[]; -} - -/** confidence reason item */ -export interface SecurityAlertPropertiesConfidenceReasonsItem { - /** - * The reason's description - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly reason?: string; - /** - * The type (category) of the reason - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly reasonType?: string; -} - -/** Entity common property bag. */ -export interface EntityCommonProperties { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; -} - -/** List of incident bookmarks. */ -export interface IncidentBookmarkList { - /** Array of incident bookmarks. */ - value: HuntingBookmark[]; } /** List of incident comments. */ @@ -849,7297 +312,1111 @@ export interface IncidentCommentList { value: IncidentComment[]; } -/** The incident related entities response. */ -export interface IncidentEntitiesResponse { - /** Array of the incident related entities. */ - entities?: EntityUnion[]; - /** The metadata from the incident related entities results. */ - metaData?: IncidentEntitiesResultsMetadata[]; +/** Information on the client (user or application) that made some action */ +export interface ClientInfo { + /** The email of the client. */ + email?: string; + /** The name of the client. */ + name?: string; + /** The object id of the client. */ + objectId?: string; + /** The user principal name of the client. */ + userPrincipalName?: string; } -/** Information of a specific aggregation in the incident related entities result. */ -export interface IncidentEntitiesResultsMetadata { - /** Total number of aggregations of the given kind in the incident related entities result. */ - count: number; - /** The kind of the aggregated entity. */ - entityKind: EntityKind; +/** alert rule template data sources */ +export interface AlertRuleTemplateDataSource { + /** The connector id that provides the following data types */ + connectorId?: string; + /** The data types used by the alert rule template */ + dataTypes?: string[]; } -/** List of all the metadata. */ -export interface MetadataList { - /** Array of metadata. */ - value: MetadataModel[]; - /** - * URL to fetch the next page of metadata. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; +/** MicrosoftSecurityIncidentCreation rule common property bag. */ +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; } -/** The original source of the content item, where it comes from. */ -export interface MetadataSource { - /** Source type of the content */ - kind: SourceKind; - /** Name of the content source. The repo name, solution name, LA workspace name etc. */ - name?: string; - /** ID of the content source. The solution ID, workspace ID, etc */ - sourceId?: string; +/** Schedule alert rule template property bag. */ +export interface ScheduledAlertRuleCommonProperties { + /** The query that creates alerts for this rule. */ + query?: string; + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; } -/** Publisher or creator of the content item. */ -export interface MetadataAuthor { - /** Name of the author. Company or person. */ - name?: string; - /** Email of author contact */ - email?: string; - /** Link for author/vendor page */ - link?: string; +/** Alerts data type for data connectors. */ +export interface AlertsDataTypeOfDataConnector { + /** Alerts data type connection. */ + alerts?: DataConnectorDataTypeCommon; } -/** Support information for the content item. */ -export interface MetadataSupport { - /** Type of support for content item */ - tier: SupportTier; - /** Name of the support contact. Company or person. */ - name?: string; - /** Email of support contact */ - email?: string; - /** Link for support help, like to support page to open a ticket etc. */ - link?: string; +/** Common field for data type in data connectors. */ +export interface DataConnectorDataTypeCommon { + /** Describe whether this data type connection is enabled or not. */ + state?: DataTypeState; } -/** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. */ -export interface MetadataDependencies { - /** Id of the content item we depend on */ - contentId?: string; - /** Type of the content item we depend on */ - kind?: Kind; - /** Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. */ - version?: string; - /** Name of the content item */ - name?: string; - /** Operator used for list of dependencies in criteria array. */ - operator?: Operator; - /** This is the list of dependencies we must fulfill, according to the AND/OR operator */ - criteria?: MetadataDependencies[]; +/** Data connector properties. */ +export interface DataConnectorWithAlertsProperties { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +} + +/** The available data types for Amazon Web Services CloudTrail data connector. */ +export interface AwsCloudTrailDataConnectorDataTypes { + /** Logs data type. */ + logs?: AwsCloudTrailDataConnectorDataTypesLogs; } -/** ies for the solution content item */ -export interface MetadataCategories { - /** domain for the solution content item */ - domains?: string[]; - /** Industry verticals for the solution content item */ - verticals?: string[]; +/** Properties data connector on tenant level. */ +export interface DataConnectorTenantId { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; } -/** List of the Sentinel onboarding states */ -export interface SentinelOnboardingStatesList { - /** Array of Sentinel onboarding states */ - value: SentinelOnboardingState[]; +/** The available data types for TI (Threat Intelligence) data connector. */ +export interface TIDataConnectorDataTypes { + /** Data type for indicators connection. */ + indicators?: TIDataConnectorDataTypesIndicators; } -/** List of all the settings. */ -export interface SettingList { - /** Array of settings. */ - value: SettingsUnion[]; +/** The available data types for office data connector. */ +export interface OfficeDataConnectorDataTypes { + /** Exchange data type connection. */ + exchange?: OfficeDataConnectorDataTypesExchange; + /** SharePoint data type connection. */ + sharePoint?: OfficeDataConnectorDataTypesSharePoint; + /** Teams data type connection. */ + teams?: OfficeDataConnectorDataTypesTeams; } -/** List all the source controls. */ -export interface RepoList { +/** List of all the office365 consents. */ +export interface OfficeConsentList { /** - * URL to fetch the next set of repositories. + * URL to fetch the next set of office consents. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of repositories. */ - value: Repo[]; -} - -/** Represents a repository. */ -export interface Repo { - /** The url to access the repository. */ - url?: string; - /** The name of the repository. */ - fullName?: string; - /** Array of branches. */ - branches?: string[]; + /** Array of the consents. */ + value: OfficeConsent[]; } -/** List all the source controls. */ -export interface SourceControlList { +/** ThreatIntelligence property bag. */ +export interface ThreatIntelligence { /** - * URL to fetch the next set of source controls. + * Confidence (must be between 0 and 1) * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of source controls. */ - value: SourceControl[]; -} - -/** metadata of a repository. */ -export interface Repository { - /** Url of repository. */ - url?: string; - /** Branch name of repository. */ - branch?: string; - /** Display url of repository. */ - displayUrl?: string; - /** Url to access repository action logs. */ - deploymentLogsUrl?: string; - /** Dictionary of source control content type and path mapping. */ - pathMapping?: ContentPathMap[]; -} - -/** The mapping of content type to a repo path. */ -export interface ContentPathMap { - /** Content type. */ - contentType?: ContentType; - /** The path to the content. */ - path?: string; -} - -/** List all the watchlists. */ -export interface WatchlistList { + readonly confidence?: number; /** - * URL to fetch the next set of watchlists. + * Name of the provider from whom this Threat Intelligence information was received * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of watchlist. */ - value: Watchlist[]; -} - -/** List all the watchlist items. */ -export interface WatchlistItemList { + readonly providerName?: string; /** - * URL to fetch the next set of watchlist item. + * Report link * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of watchlist items. */ - value: WatchlistItem[]; -} - -/** List all the data connectors. */ -export interface DataConnectorList { + readonly reportLink?: string; /** - * URL to fetch the next set of data connectors. + * Threat description (free text) * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of data connectors. */ - value: DataConnectorUnion[]; + readonly threatDescription?: string; + /** + * Threat name (e.g. "Jedobot malware") + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatName?: string; + /** + * Threat type (e.g. "Botnet") + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatType?: string; } -/** Represents Codeless API Polling data connector. */ -export interface DataConnectorConnectBody { - /** The authentication kind used to poll the data */ - kind?: ConnectAuthKind; - /** The API key of the audit server. */ - apiKey?: string; - /** The client secret of the OAuth 2.0 application. */ - clientSecret?: string; - /** The client id of the OAuth 2.0 application. */ - clientId?: string; - /** The authorization code used in OAuth 2.0 code flow to issue a token. */ - authorizationCode?: string; - /** The user name in the audit log server. */ - userName?: string; - /** The user password in the audit log server. */ - password?: string; - requestConfigUserInputValues?: Record[]; -} +/** Alert rule. */ +export type AlertRule = ResourceWithEtag & { + /** The alert rule kind */ + kind: AlertRuleKind; +}; -/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). */ -export interface ErrorResponse { - /** The error object. */ - error?: ErrorDetail; -} +/** Action for alert rule. */ +export type ActionRequest = ResourceWithEtag & { + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId?: string; + /** Logic App Callback URL for this specific workflow. */ + triggerUri?: string; +}; -/** The error detail. */ -export interface ErrorDetail { - /** - * The error code. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly code?: string; +/** Represents a bookmark in Azure Security Insights. */ +export type Bookmark = ResourceWithEtag & { + /** The time the bookmark was created */ + created?: Date; + /** Describes a user that created the bookmark */ + createdBy?: UserInfo; + /** The display name of the bookmark */ + displayName?: string; + /** List of labels relevant to this bookmark */ + labels?: string[]; + /** The notes of the bookmark */ + notes?: string; + /** The query of the bookmark. */ + query?: string; + /** The query result of the bookmark. */ + queryResult?: string; + /** The last time the bookmark was updated */ + updated?: Date; + /** Describes a user that updated the bookmark */ + updatedBy?: UserInfo; + /** The bookmark event time */ + eventTime?: Date; + /** The start time for the query */ + queryStartTime?: Date; + /** The end time for the query */ + queryEndTime?: Date; + /** Describes an incident that relates to bookmark */ + incidentInfo?: IncidentInfo; +}; + +/** Data connector. */ +export type DataConnector = ResourceWithEtag & { + /** The data connector kind */ + kind: DataConnectorKind; +}; + +/** Represents an incident in Azure Security Insights. */ +export type Incident = ResourceWithEtag & { /** - * The error message. + * Additional data on the incident * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly message?: string; + readonly additionalData?: IncidentAdditionalData; + /** The reason the incident was closed */ + classification?: IncidentClassification; + /** Describes the reason the incident was closed */ + classificationComment?: string; + /** The classification reason the incident was closed with */ + classificationReason?: IncidentClassificationReason; /** - * The error target. + * The time the incident was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly target?: string; + readonly createdTimeUtc?: Date; + /** The description of the incident */ + description?: string; + /** The time of the first activity in the incident */ + firstActivityTimeUtc?: Date; /** - * The error details. + * The deep-link url to the incident in Azure portal * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly details?: ErrorDetail[]; + readonly incidentUrl?: string; /** - * The error additional info. + * A sequential number * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalInfo?: ErrorAdditionalInfo[]; -} - -/** The resource management error additional info. */ -export interface ErrorAdditionalInfo { + readonly incidentNumber?: number; + /** List of labels relevant to this incident */ + labels?: IncidentLabel[]; + /** The time of the last activity in the incident */ + lastActivityTimeUtc?: Date; /** - * The additional info type. + * The last time the incident was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly type?: string; + readonly lastModifiedTimeUtc?: Date; + /** Describes a user that the incident is assigned to */ + owner?: IncidentOwnerInfo; /** - * The additional info. + * List of resource ids of Analytic rules related to the incident * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly info?: Record; -} - -/** Data connector requirements properties. */ -export interface DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: - | "AzureActiveDirectory" - | "AzureAdvancedThreatProtection" - | "AzureSecurityCenter" - | "AmazonWebServicesCloudTrail" - | "AmazonWebServicesS3" - | "Dynamics365" - | "MicrosoftCloudAppSecurity" - | "MicrosoftDefenderAdvancedThreatProtection" - | "MicrosoftThreatIntelligence" - | "MicrosoftThreatProtection" - | "OfficeATP" - | "OfficeIRM" - | "ThreatIntelligence" - | "ThreatIntelligenceTaxii"; -} - -/** Data connector requirements status. */ -export interface DataConnectorRequirementsState { - /** Authorization state for this connector */ - authorizationState?: DataConnectorAuthorizationState; - /** License state for this connector */ - licenseState?: DataConnectorLicenseState; -} - -/** Describes threat kill chain phase entity */ -export interface ThreatIntelligenceKillChainPhase { - /** Kill chainName name */ - killChainName?: string; - /** Phase name */ - phaseName?: string; -} + readonly relatedAnalyticRuleIds?: string[]; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; + /** The title of the incident */ + title?: string; +}; -/** Describes parsed pattern entity */ -export interface ThreatIntelligenceParsedPattern { - /** Pattern type key */ - patternTypeKey?: string; - /** Pattern type keys */ - patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[]; -} +/** The Settings. */ +export type Settings = ResourceWithEtag & { + /** The data connector kind */ + kind: SettingKind; +}; -/** Describes threat kill chain phase entity */ -export interface ThreatIntelligenceParsedPatternTypeValue { - /** Type of the value */ - valueType?: string; - /** Value of parsed pattern */ - value?: string; -} +/** Action property bag. */ +export type ActionResponseProperties = ActionPropertiesBase & { + /** The name of the logic app's workflow. */ + workflowId?: string; +}; -/** Describes external reference */ -export interface ThreatIntelligenceExternalReference { - /** External reference description */ - description?: string; - /** External reference ID */ - externalId?: string; - /** External reference source name */ - sourceName?: string; - /** External reference URL */ - url?: string; - /** External reference hashes */ - hashes?: { [propertyName: string]: string }; -} +/** Action property bag. */ +export type ActionRequestProperties = ActionPropertiesBase & { + /** Logic App Callback URL for this specific workflow. */ + triggerUri: string; +}; -/** Describes threat granular marking model entity */ -export interface ThreatIntelligenceGranularMarkingModel { - /** Language granular marking model */ - language?: string; - /** marking reference granular marking model */ - markingRef?: number; - /** granular marking model selectors */ - selectors?: string[]; -} +/** Action for alert rule. */ +export type ActionResponse = Resource & { + /** Etag of the action. */ + etag?: string; + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId?: string; + /** The name of the logic app's workflow. */ + workflowId?: string; +}; -/** Describes an entity with kind. */ -export interface ThreatIntelligenceResourceKind { - /** The kind of the entity. */ - kind: ThreatIntelligenceResourceKindEnum; -} +/** Alert rule template. */ +export type AlertRuleTemplate = Resource & { + /** The alert rule kind */ + kind: AlertRuleKind; +}; -/** List of all the threat intelligence information objects. */ -export interface ThreatIntelligenceInformationList { +/** Represents an incident comment */ +export type IncidentComment = Resource & { /** - * URL to fetch the next set of information objects. + * The time the comment was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of threat intelligence information objects. */ - value: ThreatIntelligenceInformationUnion[]; -} - -/** Filtering criteria for querying threat intelligence indicators. */ -export interface ThreatIntelligenceFilteringCriteria { - /** Page size */ - pageSize?: number; - /** Minimum confidence. */ - minConfidence?: number; - /** Maximum confidence. */ - maxConfidence?: number; - /** Start time for ValidUntil filter. */ - minValidUntil?: string; - /** End time for ValidUntil filter. */ - maxValidUntil?: string; - /** Parameter to include/exclude disabled indicators. */ - includeDisabled?: boolean; - /** Columns to sort by and sorting order */ - sortBy?: ThreatIntelligenceSortingCriteria[]; - /** Sources of threat intelligence indicators */ - sources?: string[]; - /** Pattern types */ - patternTypes?: string[]; - /** Threat types of threat intelligence indicators */ - threatTypes?: string[]; - /** Ids of threat intelligence indicators */ - ids?: string[]; - /** Keywords for searching threat intelligence indicators */ - keywords?: string[]; - /** Skip token. */ - skipToken?: string; -} + readonly createdTimeUtc?: Date; + /** The comment message */ + message?: string; + /** + * Describes the client that created the comment + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly author?: ClientInfo; +}; -/** List of available columns for sorting */ -export interface ThreatIntelligenceSortingCriteria { - /** Column name */ - itemKey?: string; - /** Sorting order (ascending/descending/unsorted). */ - sortOrder?: ThreatIntelligenceSortingCriteriaEnum; -} +/** Consent for Office365 tenant that already made. */ +export type OfficeConsent = Resource & { + /** The tenantId of the Office365 with the consent. */ + tenantId?: string; + /** + * The tenant name of the Office365 with the consent. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tenantName?: string; +}; -/** List of all the threat intelligence metric fields (type/threat type/source). */ -export interface ThreatIntelligenceMetricsList { - /** Array of threat intelligence metric fields (type/threat type/source). */ - value: ThreatIntelligenceMetrics[]; -} +/** MicrosoftSecurityIncidentCreation rule property bag. */ +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The description of the alert rule. */ + description?: string; + /** The display name for alerts created by this alert rule. */ + displayName: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled: boolean; + /** + * The last time that this alert has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; +}; -/** Threat intelligence metrics. */ -export interface ThreatIntelligenceMetrics { - /** Threat intelligence metrics. */ - properties?: ThreatIntelligenceMetric; -} +/** Scheduled alert rule base property bag. */ +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The description of the alert rule. */ + description?: string; + /** The display name for alerts created by this alert rule. */ + displayName: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ + suppressionDuration: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled: boolean; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; +}; -/** Describes threat intelligence metric */ -export interface ThreatIntelligenceMetric { - /** Last updated indicator metric */ - lastUpdatedTimeUtc?: string; - /** Threat type metrics */ - threatTypeMetrics?: ThreatIntelligenceMetricEntity[]; - /** Pattern type metrics */ - patternTypeMetrics?: ThreatIntelligenceMetricEntity[]; - /** Source metrics */ - sourceMetrics?: ThreatIntelligenceMetricEntity[]; -} +/** The available data types for MCAS (Microsoft Cloud App Security) data connector. */ +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { + /** Discovery log data type connection. */ + discoveryLogs?: DataConnectorDataTypeCommon; +}; -/** Describes threat intelligence metric entity */ -export interface ThreatIntelligenceMetricEntity { - /** Metric name */ - metricName?: string; - /** Metric value */ - metricValue?: number; -} +/** Logs data type. */ +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; -/** Array of tags to be appended to the threat intelligence indicator. */ -export interface ThreatIntelligenceAppendTags { - /** List of tags to be appended. */ - threatIntelligenceTags?: string[]; -} +/** Data type for indicators connection. */ +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; -/** Lists the operations available in the SecurityInsights RP. */ -export interface OperationsList { - /** - * URL to fetch the next set of operations. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of operations */ - value: Operation[]; -} +/** Exchange data type connection. */ +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; -/** Operation provided by provider */ -export interface Operation { - /** Properties of the operation */ - display?: OperationDisplay; - /** Name of the operation */ - name?: string; - /** The origin of the operation */ - origin?: string; - /** Indicates whether the operation is a data action */ - isDataAction?: boolean; -} +/** SharePoint data type connection. */ +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; -/** Properties of the operation */ -export interface OperationDisplay { - /** Description of the operation */ - description?: string; - /** Operation name */ - operation?: string; - /** Provider name */ - provider?: string; - /** Resource name */ - resource?: string; -} +/** Teams data type connection. */ +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; -/** List of all the office365 consents. */ -export interface OfficeConsentList { +/** ASC (Azure Security Center) data connector properties. */ +export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; + +/** Represents Fusion alert rule. */ +export type FusionAlertRule = AlertRule & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; /** - * URL to fetch the next set of office consents. + * The description of the alert rule. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of the consents. */ - value: OfficeConsent[]; -} - -/** List of all the entity query templates. */ -export interface EntityQueryTemplateList { + readonly description?: string; /** - * URL to fetch the next set of entity query templates. + * The display name for alerts created by this alert rule. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly nextLink?: string; - /** Array of entity query templates. */ - value: EntityQueryTemplateUnion[]; -} - -/** alert rule template data sources */ -export interface AlertRuleTemplateDataSource { - /** The connector id that provides the following data types */ - connectorId?: string; - /** The data types used by the alert rule template */ - dataTypes?: string[]; -} - -/** Base alert rule template property bag. */ -export interface AlertRuleTemplatePropertiesBase { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; + readonly displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; /** - * The last time that this alert rule template has been updated. + * The last time that this alert has been modified. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly lastUpdatedDateUTC?: Date; + readonly lastModifiedUtc?: Date; /** - * The time that this alert rule template has been added. + * The severity for alerts created by this alert rule. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; -} - -/** Query based alert rule template base property bag. */ -export interface QueryBasedAlertRuleTemplateProperties { - /** The query that creates alerts for this rule. */ - query?: string; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ - version?: string; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} - -/** Single entity mapping for the alert rule */ -export interface EntityMapping { - /** The V3 type of the mapped entity */ - entityType?: EntityMappingType; - /** array of field mappings for the given entity mapping */ - fieldMappings?: FieldMapping[]; -} - -/** A single field mapping of the mapped entity */ -export interface FieldMapping { - /** the V3 identifier of the entity */ - identifier?: string; - /** the column name to be mapped to the identifier */ - columnName?: string; -} - -/** Settings for how to dynamically override alert static details */ -export interface AlertDetailsOverride { - /** the format containing columns name(s) to override the alert name */ - alertDisplayNameFormat?: string; - /** the format containing columns name(s) to override the alert description */ - alertDescriptionFormat?: string; - /** the column name to take the alert tactics from */ - alertTacticsColumnName?: string; - /** the column name to take the alert severity from */ - alertSeverityColumnName?: string; -} + readonly severity?: AlertSeverity; + /** + * The tactics of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; +}; -/** MicrosoftSecurityIncidentCreation rule common property bag. */ -export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { +/** Represents MicrosoftSecurityIncidentCreation rule. */ +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { /** the alerts' displayNames on which the cases will be generated */ displayNamesFilter?: string[]; /** the alerts' displayNames on which the cases will not be generated */ displayNamesExcludeFilter?: string[]; /** The alerts' productName on which the cases will be generated */ - productFilter: MicrosoftSecurityProductName; + productFilter?: MicrosoftSecurityProductName; /** the alerts' severities on which the cases will be generated */ severitiesFilter?: AlertSeverity[]; -} - -/** Query based alert rule base property bag. */ -export interface QueryBasedAlertRuleProperties { /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; - /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ - templateVersion?: string; /** The description of the alert rule. */ description?: string; - /** The query that creates alerts for this rule. */ - query?: string; /** The display name for alerts created by this alert rule. */ - displayName: string; + displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ - enabled: boolean; + enabled?: boolean; /** - * The last time that this alert rule has been modified. + * The last time that this alert has been modified. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedUtc?: Date; - /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ - suppressionDuration: string; - /** Determines whether the suppression for this alert rule is enabled or disabled. */ - suppressionEnabled: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The settings of the incidents that created from alerts triggered by this analytics rule */ - incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} - -/** Incident Configuration property bag. */ -export interface IncidentConfiguration { - /** Create incidents from alerts triggered by this analytics rule */ - createIncident: boolean; - /** Set how the alerts that are triggered by this analytics rule, are grouped into incidents */ - groupingConfiguration?: GroupingConfiguration; -} - -/** Grouping configuration property bag. */ -export interface GroupingConfiguration { - /** Grouping enabled */ - enabled: boolean; - /** Re-open closed matching incidents */ - reopenClosedIncident: boolean; - /** Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) */ - lookbackDuration: string; - /** Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. */ - matchingMethod: MatchingMethod; - /** A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used. */ - groupByEntities?: EntityMappingType[]; - /** A list of alert details to group by (when matchingMethod is Selected) */ - groupByAlertDetails?: AlertDetail[]; - /** A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used. */ - groupByCustomDetails?: string[]; -} +}; -/** Scheduled alert rule template property bag. */ -export interface ScheduledAlertRuleCommonProperties { +/** Represents scheduled alert rule. */ +export type ScheduledAlertRule = AlertRule & { + /** The query that creates alerts for this rule. */ + query?: string; /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ queryFrequency?: string; /** The period (in ISO 8601 duration format) that this alert rule looks at. */ queryPeriod?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; /** The operation against the threshold that triggers alert rule. */ triggerOperator?: TriggerOperator; /** The threshold triggers this alert rule. */ triggerThreshold?: number; - /** The event grouping settings. */ - eventGroupingSettings?: EventGroupingSettings; -} + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The description of the alert rule. */ + description?: string; + /** The display name for alerts created by this alert rule. */ + displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ + suppressionDuration?: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled?: boolean; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; +}; -/** Event grouping settings property bag. */ -export interface EventGroupingSettings { - /** The event grouping aggregation kinds */ - aggregationKind?: EventGroupingAggregationKind; -} +/** Represents AAD (Azure Active Directory) data connector. */ +export type AADDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; -/** The configuration of the run playbook automation rule action */ -export interface AutomationRuleRunPlaybookActionConfiguration { - /** The resource id of the playbook resource */ - logicAppResourceId?: string; - /** The tenant id of the playbook resource */ +/** Represents AATP (Azure Advanced Threat Protection) data connector. */ +export type AatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ tenantId?: string; -} + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; -/** The configuration of the modify properties automation rule action */ -export interface AutomationRuleModifyPropertiesActionConfiguration { - /** The reason the incident was closed */ - classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; - /** The classification reason the incident was closed with */ - classificationReason?: IncidentClassificationReason; - /** List of labels to add to the incident */ - labels?: IncidentLabel[]; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; -} - -/** The configuration of the automation rule condition */ -export interface AutomationRulePropertyValuesConditionProperties { - /** The property to evaluate */ - propertyName?: AutomationRulePropertyConditionSupportedProperty; - /** The operator to use for evaluation the condition */ - operator?: AutomationRulePropertyConditionSupportedOperator; - /** The values to use for evaluating the condition */ - propertyValues?: string[]; -} - -/** The Activity query definitions */ -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; -} - -/** An properties abstract Query item for entity */ -export interface EntityQueryItemProperties { - /** Data types for template */ - dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; - /** The type of the entity */ - inputEntityType?: EntityType; - /** Data types for template */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: Record; -} - -export interface EntityQueryItemPropertiesDataTypesItem { - /** Data type name */ - dataType?: string; -} - -/** The insight table query. */ -export interface InsightQueryItemPropertiesTableQuery { - /** List of insight column definitions. */ - columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; - /** List of insight queries definitions. */ - queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; -} - -export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { - /** Insight column header. */ - header?: string; - /** Insights Column type. */ - outputType?: OutputType; - /** Is query supports deep-link. */ - supportDeepLink?: boolean; -} - -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { - /** Insight column header. */ - filter?: string; - /** Insight column header. */ - summarize?: string; - /** Insight column header. */ - project?: string; - /** Insight column header. */ - linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; -} - -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { - /** Insight Link Definition Projected Name. */ - projectedName?: string; - /** Insight Link Definition Query. */ - query?: string; -} - -/** The activity query definitions. */ -export interface InsightQueryItemPropertiesAdditionalQuery { - /** The insight query. */ - query?: string; - /** The insight text. */ - text?: string; -} - -/** The insight chart query. */ -export interface InsightQueryItemPropertiesDefaultTimeRange { - /** The padding for the start time of the query. */ - beforeRange?: string; - /** The padding for the end time of the query. */ - afterRange?: string; -} - -/** The insight chart query. */ -export interface InsightQueryItemPropertiesReferenceTimeRange { - /** Additional query time for looking back. */ - beforeRange?: string; -} +/** Represents ASC (Azure Security Center) data connector. */ +export type ASCDataConnector = DataConnector & { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; -/** The pricing tier of the solution */ -export interface Sku { - /** The kind of the tier */ - name?: SkuKind; - /** The amount of reservation level */ - capacityReservationLevel?: number; -} +/** Represents Amazon Web Services CloudTrail data connector. */ +export type AwsCloudTrailDataConnector = DataConnector & { + /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */ + awsRoleArn?: string; + /** The available data types for the connector. */ + dataTypes?: AwsCloudTrailDataConnectorDataTypes; +}; -/** Properties data connector on tenant level. */ -export interface DataConnectorTenantId { +/** Represents MCAS (Microsoft Cloud App Security) data connector. */ +export type McasDataConnector = DataConnector & { /** The tenant id to connect to, and get the data from. */ - tenantId: string; -} + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: McasDataConnectorDataTypes; +}; -/** Data connector properties. */ -export interface DataConnectorWithAlertsProperties { +/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */ +export type MdatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; /** The available data types for the connector. */ dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Alerts data type for data connectors. */ -export interface AlertsDataTypeOfDataConnector { - /** Alerts data type connection. */ - alerts: DataConnectorDataTypeCommon; -} - -/** Common field for data type in data connectors. */ -export interface DataConnectorDataTypeCommon { - /** Describe whether this data type connection is enabled or not. */ - state: DataTypeState; -} - -/** The available data types for Microsoft Threat Intelligence Platforms data connector. */ -export interface MstiDataConnectorDataTypes { - /** Data type for Microsoft Threat Intelligence Platforms data connector. */ - bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; - /** Data type for Microsoft Threat Intelligence Platforms data connector. */ - microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; -} - -/** The available data types for Microsoft Threat Protection Platforms data connector. */ -export interface MTPDataConnectorDataTypes { - /** Data type for Microsoft Threat Protection Platforms data connector. */ - incidents: MTPDataConnectorDataTypesIncidents; -} - -/** The available data types for Amazon Web Services CloudTrail data connector. */ -export interface AwsCloudTrailDataConnectorDataTypes { - /** Logs data type. */ - logs: AwsCloudTrailDataConnectorDataTypesLogs; -} - -/** The available data types for Amazon Web Services S3 data connector. */ -export interface AwsS3DataConnectorDataTypes { - /** Logs data type. */ - logs: AwsS3DataConnectorDataTypesLogs; -} - -/** The available data types for Dynamics365 data connector. */ -export interface Dynamics365DataConnectorDataTypes { - /** Common Data Service data type connection. */ - dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; -} - -/** The available data types for office data connector. */ -export interface OfficeDataConnectorDataTypes { - /** Exchange data type connection. */ - exchange: OfficeDataConnectorDataTypesExchange; - /** SharePoint data type connection. */ - sharePoint: OfficeDataConnectorDataTypesSharePoint; - /** Teams data type connection. */ - teams: OfficeDataConnectorDataTypesTeams; -} - -/** The available data types for TI (Threat Intelligence) data connector. */ -export interface TIDataConnectorDataTypes { - /** Data type for indicators connection. */ - indicators: TIDataConnectorDataTypesIndicators; -} - -/** The available data types for Threat Intelligence TAXII data connector. */ -export interface TiTaxiiDataConnectorDataTypes { - /** Data type for TAXII connector. */ - taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; -} - -/** Config to describe the instructions blade */ -export interface CodelessUiConnectorConfigProperties { - /** Connector blade title */ - title: string; - /** Connector publisher name */ - publisher: string; - /** Connector description */ - descriptionMarkdown: string; - /** An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery */ - customImage?: string; - /** Name of the table the connector will insert the data to */ - graphQueriesTableName: string; - /** The graph query to show the current data status */ - graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; - /** The sample queries for the connector */ - sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; - /** Data types to check for last data received */ - dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; - /** Define the way the connector check connectivity */ - connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; - /** Connector Availability Status */ - availability: Availability; - /** Permissions required for the connector */ - permissions: Permissions; - /** Instruction steps to enable the connector */ - instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; -} - -/** The graph query to show the current data status */ -export interface GraphQueries { - /** the metric that the query is checking */ - metricName?: string; - /** The legend for the graph */ - legend?: string; - /** The base query for the graph */ - baseQuery?: string; -} - -/** The sample queries for the connector */ -export interface SampleQueries { - /** The sample query description */ - description?: string; - /** the sample query */ - query?: string; -} - -/** Data type for last data received */ -export interface LastDataReceivedDataType { - /** Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder */ - name?: string; - /** Query for indicate last data received */ - lastDataReceivedQuery?: string; -} - -/** Setting for the connector check connectivity */ -export interface ConnectivityCriteria { - /** type of connectivity */ - type?: ConnectivityType; - /** Queries for checking connectivity */ - value?: string[]; -} - -/** Connector Availability Status */ -export interface Availability { - /** The connector Availability Status */ - status?: "1"; - /** Set connector as preview */ - isPreview?: boolean; -} - -/** Permissions required for the connector */ -export interface Permissions { - /** Resource provider permissions required for the connector */ - resourceProvider?: PermissionsResourceProviderItem[]; - /** Customs permissions required for the connector */ - customs?: PermissionsCustomsItem[]; -} - -/** Resource provider permissions required for the connector */ -export interface ResourceProvider { - /** Provider name */ - provider?: ProviderName; - /** Permission description text */ - permissionsDisplayText?: string; - /** Permission provider display name */ - providerDisplayName?: string; - /** Permission provider scope */ - scope?: PermissionProviderScope; - /** Required permissions for the connector */ - requiredPermissions?: RequiredPermissions; -} - -/** Required permissions for the connector */ -export interface RequiredPermissions { - /** action permission */ - action?: boolean; - /** write permission */ - write?: boolean; - /** read permission */ - read?: boolean; - /** delete permission */ - delete?: boolean; -} - -/** Customs permissions required for the connector */ -export interface CustomsPermission { - /** Customs permissions name */ - name?: string; - /** Customs permissions description */ - description?: string; -} - -/** Instruction steps to enable the connector */ -export interface InstructionSteps { - /** Instruction step title */ - title?: string; - /** Instruction step description */ - description?: string; - /** Instruction step details */ - instructions?: InstructionStepsInstructionsItem[]; -} - -/** Instruction step details */ -export interface ConnectorInstructionModelBase { - /** The parameters for the setting */ - parameters?: Record; - /** The kind of the setting */ - type: SettingType; -} - -/** Config to describe the polling config for API poller connector */ -export interface CodelessConnectorPollingConfigProperties { - /** The poller active status */ - isActive?: boolean; - /** Describe the authentication type of the poller */ - auth: CodelessConnectorPollingAuthProperties; - /** Describe the poll request config parameters of the poller */ - request: CodelessConnectorPollingRequestProperties; - /** Describe the poll request paging config of the poller */ - paging?: CodelessConnectorPollingPagingProperties; - /** Describe the response config parameters of the poller */ - response?: CodelessConnectorPollingResponseProperties; -} - -/** Describe the authentication properties needed to successfully authenticate with the server */ -export interface CodelessConnectorPollingAuthProperties { - /** The authentication type */ - authType: string; - /** The header name which the token is sent with */ - apiKeyName?: string; - /** A prefix send in the header before the actual token */ - apiKeyIdentifier?: string; - /** Marks if the key should sent in header */ - isApiKeyInPostPayload?: string; - /** Describes the flow name, for example 'AuthCode' for Oauth 2.0 */ - flowName?: string; - /** The endpoint used to issue a token, used in Oauth 2.0 flow */ - tokenEndpoint?: string; - /** The endpoint used to authorize the user, used in Oauth 2.0 flow */ - authorizationEndpoint?: string; - /** The query parameters used in authorization request, used in Oauth 2.0 flow */ - authorizationEndpointQueryParameters?: Record; - /** The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow */ - redirectionEndpoint?: string; - /** The query headers used in token request, used in Oauth 2.0 flow */ - tokenEndpointHeaders?: Record; - /** The query parameters used in token request, used in Oauth 2.0 flow */ - tokenEndpointQueryParameters?: Record; - /** Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow */ - isClientSecretInHeader?: boolean; - /** The OAuth token scope */ - scope?: string; -} - -/** Describe the request properties needed to successfully pull from the server */ -export interface CodelessConnectorPollingRequestProperties { - /** Describe the endpoint we should pull the data from */ - apiEndpoint: string; - /** Defines the rate limit QPS */ - rateLimitQps?: number; - /** The window interval we will use the pull the data */ - queryWindowInMin: number; - /** The http method type we will use in the poll request, GET or POST */ - httpMethod: string; - /** The time format will be used the query events in a specific window */ - queryTimeFormat: string; - /** Describe the amount of time we should try and poll the data in case of failure */ - retryCount?: number; - /** The number of seconds we will consider as a request timeout */ - timeoutInSeconds?: number; - /** Describe the headers sent in the poll request */ - headers?: Record; - /** Describe the query parameters sent in the poll request */ - queryParameters?: Record; - /** For advanced scenarios for example user name/password embedded in nested JSON payload */ - queryParametersTemplate?: string; - /** This will be used the query events from a start of the time window */ - startTimeAttributeName?: string; - /** This will be used the query events from the end of the time window */ - endTimeAttributeName?: string; -} - -/** Describe the properties needed to make a pagination call */ -export interface CodelessConnectorPollingPagingProperties { - /** Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' */ - pagingType: string; - /** Defines the name of a next page attribute */ - nextPageParaName?: string; - /** Defines the path to a next page token JSON */ - nextPageTokenJsonPath?: string; - /** Defines the path to a page count attribute */ - pageCountAttributePath?: string; - /** Defines the path to a page total count attribute */ - pageTotalCountAttributePath?: string; - /** Defines the path to a paging time stamp attribute */ - pageTimeStampAttributePath?: string; - /** Determines whether to search for the latest time stamp in the events list */ - searchTheLatestTimeStampFromEventsList?: string; - /** Defines the name of the page size parameter */ - pageSizeParaName?: string; - /** Defines the paging size */ - pageSize?: number; -} +}; -/** Describes the response from the external server */ -export interface CodelessConnectorPollingResponseProperties { - /** Describes the path we should extract the data in the response */ - eventsJsonPaths: string[]; - /** Describes the path we should extract the status code in the response */ - successStatusJsonPath?: string; - /** Describes the path we should extract the status value in the response */ - successStatusValue?: string; - /** Describes if the data in the response is Gzip */ - isGzipCompressed?: boolean; -} +/** Represents threat intelligence data connector. */ +export type TIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The lookback period for the feed to be imported. */ + tipLookbackPeriod?: Date; + /** The available data types for the connector. */ + dataTypes?: TIDataConnectorDataTypes; +}; -/** The Activity query definitions */ -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; - /** The dimensions we want to summarize the timeline results on, this is comma separated list */ - summarizeBy?: string; -} +/** Represents office data connector. */ +export type OfficeDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficeDataConnectorDataTypes; +}; -/** The data type definition */ -export interface DataTypeDefinitions { - /** The data type name */ - dataType?: string; -} +/** Settings with single toggle. */ +export type ToggleSettings = Settings & { + /** Determines whether the setting is enable or disabled. */ + isEnabled?: boolean; +}; -/** ThreatIntelligence property bag. */ -export interface ThreatIntelligence { - /** - * Confidence (must be between 0 and 1) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidence?: number; - /** - * Name of the provider from whom this Threat Intelligence information was received - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly providerName?: string; - /** - * Report link - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly reportLink?: string; +/** Represents settings for User and Entity Behavior Analytics enablement. */ +export type UebaSettings = Settings & { /** - * Threat description (free text) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatDescription?: string; - /** - * Threat name (e.g. "Jedobot malware") + * Determines whether the tenant has ATP (Advanced Threat Protection) license. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly threatName?: string; + readonly atpLicenseStatus?: LicenseStatus; + /** Determines whether User and Entity Behavior Analytics is enabled for this workspace. */ + isEnabled?: boolean; /** - * Threat type (e.g. "Botnet") + * Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly threatType?: string; -} + readonly statusInMcas?: StatusInMcas; +}; -/** The geo-location context attached to the ip entity */ -export interface GeoLocation { - /** - * Autonomous System Number - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly asn?: number; - /** - * City name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly city?: string; - /** - * The country code according to ISO 3166 format - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countryCode?: string; - /** - * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countryName?: string; +/** Represents Fusion alert rule template. */ +export type FusionAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; /** - * The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. + * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly latitude?: number; + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data connectors for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; +}; + +/** Represents MicrosoftSecurityIncidentCreation rule template. */ +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; /** - * The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly longitude?: number; + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data connectors for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter?: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; +}; + +/** Represents scheduled alert rule template. */ +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; /** - * State name + * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly state?: string; -} - -/** An azure resource object with an Etag property */ -export type ResourceWithEtag = Resource & { - /** Etag of the azure resource */ - etag?: string; -}; - -/** Alert rule template. */ -export type AlertRuleTemplate = Resource & { - /** The kind of the alert rule */ - kind: AlertRuleKind; -}; - -/** Specific entity. */ -export type Entity = Resource & { - /** The kind of the entity. */ - kind: EntityKind; -}; - -/** Consent for Office365 tenant that already made. */ -export type OfficeConsent = Resource & { - /** The tenantId of the Office365 with the consent. */ - tenantId?: string; - /** Help to easily cascade among the data layers. */ - consentId?: string; -}; - -/** Specific entity query template. */ -export type EntityQueryTemplate = Resource & { - /** the entity query template kind */ - kind: EntityQueryTemplateKind; -}; - -/** Action property bag. */ -export type ActionResponseProperties = ActionPropertiesBase & { - /** The name of the logic app's workflow. */ - workflowId?: string; -}; - -/** Action property bag. */ -export type ActionRequestProperties = ActionPropertiesBase & { - /** Logic App Callback URL for this specific workflow. */ - triggerUri: string; -}; - -/** Describes an automation rule condition that evaluates a property's value */ -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - conditionType: "Property"; - /** The configuration of the automation rule condition */ - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -/** Describes an automation rule action to run a playbook */ -export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook"; - /** The configuration of the run playbook automation rule action */ - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; -}; - -/** Describes an automation rule action to modify an object's properties */ -export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "ModifyProperties"; - /** The configuration of the modify properties automation rule action */ - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; -}; - -/** Represents Activity timeline item. */ -export type ActivityTimelineItem = EntityTimelineItem & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Activity"; - /** The activity query id. */ - queryId: string; - /** The grouping bucket start time. */ - bucketStartTimeUTC: Date; - /** The grouping bucket end time. */ - bucketEndTimeUTC: Date; - /** The time of the first activity in the grouping bucket. */ - firstActivityTimeUTC: Date; - /** The time of the last activity in the grouping bucket. */ - lastActivityTimeUTC: Date; - /** The activity timeline content. */ - content: string; - /** The activity timeline title. */ - title: string; -}; - -/** Represents bookmark timeline item. */ -export type BookmarkTimelineItem = EntityTimelineItem & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Bookmark"; - /** The bookmark azure resource id. */ - azureResourceId: string; - /** The bookmark display name. */ - displayName?: string; - /** The notes of the bookmark */ - notes?: string; - /** The bookmark end time. */ - endTimeUtc?: Date; - /** The bookmark start time. */ - startTimeUtc?: Date; - /** The bookmark event time. */ - eventTime?: Date; - /** Describes a user that created the bookmark */ - createdBy?: UserInfo; - /** List of labels relevant to this bookmark */ - labels?: string[]; -}; - -/** Represents security alert timeline item. */ -export type SecurityAlertTimelineItem = EntityTimelineItem & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "SecurityAlert"; - /** The alert azure resource id. */ - azureResourceId: string; - /** The alert product name. */ - productName?: string; - /** The alert description. */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ description?: string; - /** The alert name. */ - displayName: string; - /** The alert severity. */ - severity: AlertSeverity; - /** The alert end time. */ - endTimeUtc: Date; - /** The alert start time. */ - startTimeUtc: Date; - /** The alert generated time. */ - timeGenerated: Date; - /** The name of the alert type. */ - alertType: string; -}; - -/** Represents Insight Query. */ -export type InsightQueryItem = EntityQueryItem & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Insight"; - /** Properties bag for InsightQueryItem */ - properties?: InsightQueryItemProperties; -}; - -/** SecurityAlert entity property bag. */ -export type SecurityAlertProperties = EntityCommonProperties & { - /** - * The display name of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertDisplayName?: string; - /** - * The type name of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertType?: string; - /** - * Display name of the main entity being reported on. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly compromisedEntity?: string; - /** - * The confidence level of this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceLevel?: ConfidenceLevel; - /** - * The confidence reasons - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; - /** - * The confidence score of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceScore?: number; - /** - * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceScoreStatus?: ConfidenceScoreStatus; - /** - * Alert description. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The impact end time of the alert (the time of the last event contributing to the alert). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly endTimeUtc?: Date; - /** - * Holds the alert intent stage(s) mapping for this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly intent?: KillChainIntent; - /** - * The identifier of the alert inside the product which generated the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly providerAlertId?: string; - /** - * The time the alert was made available for consumption. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processingEndTime?: Date; - /** - * The name of a component inside the product which generated the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productComponentName?: string; - /** - * The name of the product which published this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productName?: string; - /** - * The version of the product generating the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productVersion?: string; - /** - * Manual action items to take to remediate the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly remediationSteps?: string[]; - /** The severity of the alert */ - severity?: AlertSeverity; - /** - * The impact start time of the alert (the time of the first event contributing to the alert). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly startTimeUtc?: Date; - /** - * The lifecycle status of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly status?: AlertStatus; - /** - * Holds the product identifier of the alert for the product. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly systemAlertId?: string; - /** - * The tactics of the alert - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; - /** - * The time the alert was generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly timeGenerated?: Date; - /** - * The name of the vendor that raise the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vendorName?: string; - /** - * The uri link of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertLink?: string; - /** - * The list of resource identifiers of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly resourceIdentifiers?: Record[]; -}; - -/** Describes bookmark properties */ -export type HuntingBookmarkProperties = EntityCommonProperties & { - /** The time the bookmark was created */ - created?: Date; - /** Describes a user that created the bookmark */ - createdBy?: UserInfo; - /** The display name of the bookmark */ - displayName: string; - /** The time of the event */ - eventTime?: Date; - /** List of labels relevant to this bookmark */ - labels?: string[]; - /** The notes of the bookmark */ - notes?: string; - /** The query of the bookmark. */ - query: string; - /** The query result of the bookmark. */ - queryResult?: string; - /** The last time the bookmark was updated */ - updated?: Date; - /** Describes a user that updated the bookmark */ - updatedBy?: UserInfo; - /** Describes an incident that relates to bookmark */ - incidentInfo?: IncidentInfo; -}; - -/** Describes threat intelligence entity properties */ -export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ + /** The display name for alert rule template. */ displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -/** Account entity property bag. */ -export type AccountEntityProperties = EntityCommonProperties & { - /** - * The Azure Active Directory tenant id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly aadTenantId?: string; - /** - * The Azure Active Directory user id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly aadUserId?: string; - /** - * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly accountName?: string; - /** - * The display name of the account. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** - * The Host entity id that contains the account in case it is a local account (not domain joined) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * Determines whether this is a domain account. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isDomainJoined?: boolean; - /** - * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ntDomain?: string; - /** - * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly objectGuid?: string; - /** - * The Azure Active Directory Passport User ID. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly puid?: string; - /** - * The account security identifier, e.g. S-1-5-18. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sid?: string; - /** - * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly upnSuffix?: string; - /** - * The fully qualified domain DNS name. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsDomain?: string; + /** The required data connectors for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The query that creates alerts for this rule. */ + query?: string; + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; }; -/** AzureResource entity property bag. */ -export type AzureResourceEntityProperties = EntityCommonProperties & { - /** - * The azure resource id of the resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly resourceId?: string; - /** - * The subscription id of the resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subscriptionId?: string; -}; +/** Known values of {@link AlertRuleKind} that the service accepts. */ +export enum KnownAlertRuleKind { + Scheduled = "Scheduled", + MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", + Fusion = "Fusion" +} -/** CloudApplication entity property bag. */ -export type CloudApplicationEntityProperties = EntityCommonProperties & { - /** - * The technical identifier of the application. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly appId?: number; - /** - * The name of the related cloud application. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly appName?: string; - /** - * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly instanceName?: string; -}; +/** + * Defines values for AlertRuleKind. \ + * {@link KnownAlertRuleKind} can be used interchangeably with AlertRuleKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Scheduled** \ + * **MicrosoftSecurityIncidentCreation** \ + * **Fusion** + */ +export type AlertRuleKind = string; -/** Dns entity property bag. */ -export type DnsEntityProperties = EntityCommonProperties & { - /** - * An ip entity id for the dns server resolving the request - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsServerIpEntityId?: string; - /** - * The name of the dns record associated with the alert - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly domainName?: string; - /** - * An ip entity id for the dns request client - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostIpAddressEntityId?: string; - /** - * Ip entity identifiers for the resolved ip address. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityIds?: string[]; -}; - -/** File entity property bag. */ -export type FileEntityProperties = EntityCommonProperties & { - /** - * The full path to the file. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly directory?: string; - /** - * The file hash entity identifiers associated with this file - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileHashEntityIds?: string[]; - /** - * The file name without path (some alerts might not include path). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileName?: string; - /** - * The Host entity id which the file belongs to - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; -}; - -/** FileHash entity property bag. */ -export type FileHashEntityProperties = EntityCommonProperties & { - /** - * The hash algorithm type. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly algorithm?: FileHashAlgorithm; - /** - * The file hash value. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hashValue?: string; -}; - -/** Host entity property bag. */ -export type HostEntityProperties = EntityCommonProperties & { - /** - * The azure resource id of the VM. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly azureID?: string; - /** - * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsDomain?: string; - /** - * The hostname without the domain suffix. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostName?: string; - /** - * Determines whether this host belongs to a domain. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isDomainJoined?: boolean; - /** - * The host name (pre-windows2000). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly netBiosName?: string; - /** - * The NT domain that this host belongs to. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ntDomain?: string; - /** - * The OMS agent id, if the host has OMS agent installed. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly omsAgentID?: string; - /** The operating system type. */ - osFamily?: OSFamily; - /** - * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly osVersion?: string; -}; - -/** IoTDevice entity property bag. */ -export type IoTDeviceEntityProperties = EntityCommonProperties & { - /** - * The ID of the IoT Device in the IoT Hub - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceId?: string; - /** - * The friendly name of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceName?: string; - /** - * The source of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly source?: string; - /** - * The ID of the security agent running on the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly iotSecurityAgentId?: string; - /** - * The type of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceType?: string; - /** - * The vendor of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vendor?: string; - /** - * The ID of the edge device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly edgeId?: string; - /** - * The MAC address of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly macAddress?: string; - /** - * The model of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly model?: string; - /** - * The serial number of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly serialNumber?: string; - /** - * The firmware version of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly firmwareVersion?: string; - /** - * The operating system of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly operatingSystem?: string; - /** - * The AzureResource entity id of the IoT Hub - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly iotHubEntityId?: string; - /** - * The Host entity id of this device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * The IP entity if of this device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityId?: string; - /** - * A list of TI contexts attached to the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatIntelligence?: ThreatIntelligence[]; - /** - * A list of protocols of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly protocols?: string[]; -}; - -/** Ip entity property bag. */ -export type IpEntityProperties = EntityCommonProperties & { - /** - * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly address?: string; - /** - * The geo-location context attached to the ip entity - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly location?: GeoLocation; - /** - * A list of TI contexts attached to the ip entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatIntelligence?: ThreatIntelligence[]; -}; - -/** Mailbox entity property bag. */ -export type MailboxEntityProperties = EntityCommonProperties & { - /** - * The mailbox's primary address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly mailboxPrimaryAddress?: string; - /** - * The mailbox's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** - * The mailbox's UPN - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly upn?: string; - /** - * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly externalDirectoryObjectId?: string; -}; - -/** Mail cluster entity property bag. */ -export type MailClusterEntityProperties = EntityCommonProperties & { - /** - * The mail message IDs that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageIds?: string[]; - /** - * Count of mail messages by DeliveryStatus string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByDeliveryStatus?: Record; - /** - * Count of mail messages by ThreatType string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByThreatType?: Record; - /** - * Count of mail messages by ProtectionStatus string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByProtectionStatus?: Record; - /** - * The threats of mail messages that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threats?: string[]; - /** - * The query that was used to identify the messages of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly query?: string; - /** - * The query time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly queryTime?: Date; - /** - * The number of mail messages that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly mailCount?: number; - /** - * Is this a volume anomaly mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isVolumeAnomaly?: boolean; - /** - * The source of the mail cluster (default is 'O365 ATP') - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly source?: string; - /** - * The id of the cluster source - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterSourceIdentifier?: string; - /** - * The type of the cluster source - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterSourceType?: string; - /** - * The cluster query start time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterQueryStartTime?: Date; - /** - * The cluster query end time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterQueryEndTime?: Date; - /** - * The cluster group - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterGroup?: string; -}; - -/** Mail message entity property bag. */ -export type MailMessageEntityProperties = EntityCommonProperties & { - /** - * The File entity ids of this mail message's attachments - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileEntityIds?: string[]; - /** - * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly recipient?: string; - /** - * The Urls contained in this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly urls?: string[]; - /** - * The threats of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threats?: string[]; - /** - * The p1 sender's email address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1Sender?: string; - /** - * The p1 sender's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1SenderDisplayName?: string; - /** - * The p1 sender's domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1SenderDomain?: string; - /** - * The sender's IP address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly senderIP?: string; - /** - * The p2 sender's email address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2Sender?: string; - /** - * The p2 sender's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2SenderDisplayName?: string; - /** - * The p2 sender's domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2SenderDomain?: string; - /** - * The receive date of this message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly receiveDate?: Date; - /** - * The network message id of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageId?: string; - /** - * The internet message id of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly internetMessageId?: string; - /** - * The subject of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subject?: string; - /** - * The language of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly language?: string; - /** - * The threat detection methods - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatDetectionMethods?: string[]; - /** The bodyFingerprintBin1 */ - bodyFingerprintBin1?: number; - /** The bodyFingerprintBin2 */ - bodyFingerprintBin2?: number; - /** The bodyFingerprintBin3 */ - bodyFingerprintBin3?: number; - /** The bodyFingerprintBin4 */ - bodyFingerprintBin4?: number; - /** The bodyFingerprintBin5 */ - bodyFingerprintBin5?: number; - /** The directionality of this mail message */ - antispamDirection?: AntispamMailDirection; - /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */ - deliveryAction?: DeliveryAction; - /** The delivery location of this mail message like Inbox, JunkFolder etc */ - deliveryLocation?: DeliveryLocation; -}; - -/** Malware entity property bag. */ -export type MalwareEntityProperties = EntityCommonProperties & { - /** - * The malware category by the vendor, e.g. Trojan - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly category?: string; - /** - * List of linked file entity identifiers on which the malware was found - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileEntityIds?: string[]; - /** - * The malware name by the vendor, e.g. Win32/Toga!rfn - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly malwareName?: string; - /** - * List of linked process entity identifiers on which the malware was found. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processEntityIds?: string[]; -}; - -/** Process entity property bag. */ -export type ProcessEntityProperties = EntityCommonProperties & { - /** - * The account entity id running the processes. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly accountEntityId?: string; - /** - * The command line used to create the process - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly commandLine?: string; - /** - * The time when the process started to run - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly creationTimeUtc?: Date; - /** The elevation token associated with the process. */ - elevationToken?: ElevationToken; - /** - * The host entity id on which the process was running - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * The session entity id in which the process was running - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostLogonSessionEntityId?: string; - /** - * Image file entity id - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly imageFileEntityId?: string; - /** - * The parent process entity id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly parentProcessEntityId?: string; - /** - * The process ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processId?: string; -}; - -/** RegistryKey entity property bag. */ -export type RegistryKeyEntityProperties = EntityCommonProperties & { - /** - * the hive that holds the registry key. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hive?: RegistryHive; - /** - * The registry key path. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly key?: string; -}; - -/** RegistryValue entity property bag. */ -export type RegistryValueEntityProperties = EntityCommonProperties & { - /** - * The registry key entity id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly keyEntityId?: string; - /** - * String formatted representation of the value data. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueData?: string; - /** - * The registry value name. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueName?: string; - /** - * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueType?: RegistryValueKind; -}; - -/** SecurityGroup entity property bag. */ -export type SecurityGroupEntityProperties = EntityCommonProperties & { - /** - * The group distinguished name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly distinguishedName?: string; - /** - * A single-value attribute that is the unique identifier for the object, assigned by active directory. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly objectGuid?: string; - /** - * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sid?: string; -}; - -/** Submission mail entity property bag. */ -export type SubmissionMailEntityProperties = EntityCommonProperties & { - /** - * The network message id of email to which submission belongs - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageId?: string; - /** - * The submission id - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submissionId?: string; - /** - * The submitter - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submitter?: string; - /** - * The submission date - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submissionDate?: Date; - /** - * The Time stamp when the message is received (Mail) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly timestamp?: Date; - /** - * The recipient of the mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly recipient?: string; - /** - * The sender of the mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sender?: string; - /** - * The sender's IP - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly senderIp?: string; - /** - * The subject of submission mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subject?: string; - /** - * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly reportType?: string; -}; - -/** Url entity property bag. */ -export type UrlEntityProperties = EntityCommonProperties & { - /** - * A full URL the entity points to - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly url?: string; -}; - -/** Represents AAD (Azure Active Directory) requirements check request. */ -export type AADCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureActiveDirectory"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */ -export type AatpCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureAdvancedThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents ASC (Azure Security Center) requirements check request. */ -export type ASCCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureSecurityCenter"; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -}; - -/** Amazon Web Services CloudTrail requirements check request. */ -export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AmazonWebServicesCloudTrail"; -}; - -/** Amazon Web Services S3 requirements check request. */ -export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AmazonWebServicesS3"; -}; - -/** Represents Dynamics365 requirements check request. */ -export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Dynamics365"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents MCAS (Microsoft Cloud App Security) requirements check request. */ -export type McasCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftCloudAppSecurity"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ -export type MdatpCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftDefenderAdvancedThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents Microsoft Threat Intelligence requirements check request. */ -export type MstiCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftThreatIntelligence"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents MTP (Microsoft Threat Protection) requirements check request. */ -export type MtpCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */ -export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "OfficeATP"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */ -export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "OfficeIRM"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Threat Intelligence Platforms data connector check requirements */ -export type TICheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "ThreatIntelligence"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Threat Intelligence TAXII data connector check requirements */ -export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "ThreatIntelligenceTaxii"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -}; - -/** Threat intelligence indicator entity used in request body. */ -export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { - /** Etag of the azure resource */ - etag?: string; - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ - displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -/** Threat intelligence information object. */ -export type ThreatIntelligenceInformation = ResourceWithEtag & - ThreatIntelligenceResourceKind & {}; - -/** MLBehaviorAnalytics alert rule template properties. */ -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; -}; - -/** Fusion alert rule template properties */ -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Threat Intelligence alert rule template properties */ -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** MicrosoftSecurityIncidentCreation rule template properties */ -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; - -/** Scheduled alert rule template properties */ -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - QueryBasedAlertRuleTemplateProperties & - ScheduledAlertRuleCommonProperties & {}; - -/** NRT alert rule template properties */ -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - QueryBasedAlertRuleTemplateProperties & {}; - -/** MicrosoftSecurityIncidentCreation rule property bag. */ -export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The description of the alert rule. */ - description?: string; - /** The display name for alerts created by this alert rule. */ - displayName: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled: boolean; - /** - * The last time that this alert has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; -}; - -/** Scheduled alert rule base property bag. */ -export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & - QueryBasedAlertRuleProperties & {}; - -/** Nrt alert rule base property bag. */ -export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; - -/** Represents Insight Query. */ -export type InsightQueryItemProperties = EntityQueryItemProperties & { - /** The insight display name. */ - displayName?: string; - /** The insight description. */ - description?: string; - /** The base query of the insight. */ - baseQuery?: string; - /** The insight table query. */ - tableQuery?: InsightQueryItemPropertiesTableQuery; - /** The insight chart query. */ - chartQuery?: Record; - /** The activity query definitions. */ - additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; - /** The insight chart query. */ - defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; - /** The insight chart query. */ - referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; -}; - -/** AAD (Azure Active Directory) requirements check properties. */ -export type AADCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** AATP (Azure Advanced Threat Protection) requirements check properties. */ -export type AatpCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** Dynamics365 requirements check properties. */ -export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {}; - -/** MCAS (Microsoft Cloud App Security) requirements check properties. */ -export type McasCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */ -export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** Microsoft Threat Intelligence requirements check properties. */ -export type MstiCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** MTP (Microsoft Threat Protection) requirements check properties. */ -export type MTPCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */ -export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ -export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** Threat Intelligence Platforms data connector required properties. */ -export type TICheckRequirementsProperties = DataConnectorTenantId & {}; - -/** Threat Intelligence TAXII data connector required properties. */ -export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {}; - -/** AAD (Azure Active Directory) data connector properties. */ -export type AADDataConnectorProperties = DataConnectorTenantId & - DataConnectorWithAlertsProperties & {}; - -/** Microsoft Threat Intelligence data connector properties. */ -export type MstiDataConnectorProperties = DataConnectorTenantId & { - /** The available data types for the connector. */ - dataTypes: MstiDataConnectorDataTypes; -}; - -/** MTP (Microsoft Threat Protection) data connector properties. */ -export type MTPDataConnectorProperties = DataConnectorTenantId & { - /** The available data types for the connector. */ - dataTypes: MTPDataConnectorDataTypes; -}; - -/** AATP (Azure Advanced Threat Protection) data connector properties. */ -export type AatpDataConnectorProperties = DataConnectorTenantId & - DataConnectorWithAlertsProperties & {}; - -/** MCAS (Microsoft Cloud App Security) data connector properties. */ -export type McasDataConnectorProperties = DataConnectorTenantId & { - /** The available data types for the connector. */ - dataTypes: McasDataConnectorDataTypes; -}; - -/** Dynamics365 data connector properties. */ -export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { - /** The available data types for the connector. */ - dataTypes: Dynamics365DataConnectorDataTypes; -}; - -/** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */ -export type OfficeATPDataConnectorProperties = DataConnectorTenantId & - DataConnectorWithAlertsProperties & {}; - -/** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ -export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & - DataConnectorWithAlertsProperties & {}; - -/** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */ -export type MdatpDataConnectorProperties = DataConnectorTenantId & - DataConnectorWithAlertsProperties & {}; - -/** Office data connector properties. */ -export type OfficeDataConnectorProperties = DataConnectorTenantId & { - /** The available data types for the connector. */ - dataTypes: OfficeDataConnectorDataTypes; -}; - -/** TI (Threat Intelligence) data connector properties. */ -export type TIDataConnectorProperties = DataConnectorTenantId & { - /** The lookback period for the feed to be imported. */ - tipLookbackPeriod?: Date; - /** The available data types for the connector. */ - dataTypes: TIDataConnectorDataTypes; -}; - -/** Threat Intelligence TAXII data connector properties. */ -export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & { - /** The workspace id. */ - workspaceId?: string; - /** The friendly name for the TAXII server. */ - friendlyName?: string; - /** The API root for the TAXII server. */ - taxiiServer?: string; - /** The collection id of the TAXII server. */ - collectionId?: string; - /** The userName for the TAXII server. */ - userName?: string; - /** The password for the TAXII server. */ - password?: string; - /** The lookback period for the TAXII server. */ - taxiiLookbackPeriod?: Date; - /** The polling frequency for the TAXII server. */ - pollingFrequency: PollingFrequency | null; - /** The available data types for Threat Intelligence TAXII data connector. */ - dataTypes: TiTaxiiDataConnectorDataTypes; -}; - -/** ASC (Azure Security Center) data connector properties. */ -export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -}; - -/** The available data types for MCAS (Microsoft Cloud App Security) data connector. */ -export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { - /** Discovery log data type connection. */ - discoveryLogs?: DataConnectorDataTypeCommon; -}; - -/** Data type for Microsoft Threat Intelligence Platforms data connector. */ -export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & { - /** lookback period */ - lookbackPeriod: string; -}; - -/** Data type for Microsoft Threat Intelligence Platforms data connector. */ -export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & { - /** lookback period */ - lookbackPeriod: string; -}; - -/** Data type for Microsoft Threat Protection Platforms data connector. */ -export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {}; - -/** Logs data type. */ -export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; - -/** Logs data type. */ -export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; - -/** Common Data Service data type connection. */ -export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; - -/** Exchange data type connection. */ -export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; - -/** SharePoint data type connection. */ -export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; - -/** Teams data type connection. */ -export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; - -/** Data type for indicators connection. */ -export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; - -/** Data type for TAXII connector. */ -export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {}; - -export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {}; - -export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {}; - -export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {}; - -export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {}; - -export type PermissionsResourceProviderItem = ResourceProvider & {}; - -/** Customs permissions required for the connector */ -export type Customs = CustomsPermission & {}; - -export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {}; - -export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {}; - -/** Alert rule. */ -export type AlertRule = ResourceWithEtag & { - /** The kind of the alert rule */ - kind: AlertRuleKind; -}; - -/** Action for alert rule. */ -export type ActionResponse = ResourceWithEtag & { - /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ - logicAppResourceId?: string; - /** The name of the logic app's workflow. */ - workflowId?: string; -}; - -/** Action for alert rule. */ -export type ActionRequest = ResourceWithEtag & { - /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ - logicAppResourceId?: string; - /** Logic App Callback URL for this specific workflow. */ - triggerUri?: string; -}; - -/** Represents an automation rule. */ -export type AutomationRule = ResourceWithEtag & { - /** The display name of the automation rule */ - displayName?: string; - /** The order of execution of the automation rule */ - order?: number; - /** The triggering logic of the automation rule */ - triggeringLogic?: AutomationRuleTriggeringLogic; - /** The actions to execute when the automation rule is triggered */ - actions?: AutomationRuleActionUnion[]; - /** - * The time the automation rule was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The last time the automation rule was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; - /** - * Describes the client that created the automation rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdBy?: ClientInfo; - /** - * Describes the client that last updated the automation rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedBy?: ClientInfo; -}; - -/** Represents a bookmark in Azure Security Insights. */ -export type Bookmark = ResourceWithEtag & { - /** The time the bookmark was created */ - created?: Date; - /** Describes a user that created the bookmark */ - createdBy?: UserInfo; - /** The display name of the bookmark */ - displayName?: string; - /** List of labels relevant to this bookmark */ - labels?: string[]; - /** The notes of the bookmark */ - notes?: string; - /** The query of the bookmark. */ - query?: string; - /** The query result of the bookmark. */ - queryResult?: string; - /** The last time the bookmark was updated */ - updated?: Date; - /** Describes a user that updated the bookmark */ - updatedBy?: UserInfo; - /** The bookmark event time */ - eventTime?: Date; - /** The start time for the query */ - queryStartTime?: Date; - /** The end time for the query */ - queryEndTime?: Date; - /** Describes an incident that relates to bookmark */ - incidentInfo?: IncidentInfo; -}; - -/** Represents a relation between two resources */ -export type Relation = ResourceWithEtag & { - /** The resource ID of the related resource */ - relatedResourceId?: string; - /** - * The name of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceName?: string; - /** - * The resource type of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceType?: string; - /** - * The resource kind of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceKind?: string; -}; - -/** Specific entity query. */ -export type EntityQuery = ResourceWithEtag & { - /** the entity query kind */ - kind: EntityQueryKind; -}; - -/** Specific entity query that supports put requests. */ -export type CustomEntityQuery = ResourceWithEtag & { - /** the entity query kind */ - kind: CustomEntityQueryKind; -}; - -/** Represents an incident in Azure Security Insights. */ -export type Incident = ResourceWithEtag & { - /** - * Additional data on the incident - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: IncidentAdditionalData; - /** The reason the incident was closed */ - classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; - /** The classification reason the incident was closed with */ - classificationReason?: IncidentClassificationReason; - /** - * The time the incident was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** The description of the incident */ - description?: string; - /** The time of the first activity in the incident */ - firstActivityTimeUtc?: Date; - /** - * The deep-link url to the incident in Azure portal - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly incidentUrl?: string; - /** - * A sequential number - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly incidentNumber?: number; - /** List of labels relevant to this incident */ - labels?: IncidentLabel[]; - /** The name of the source provider that generated the incident */ - providerName?: string; - /** The incident ID assigned by the incident provider */ - providerIncidentId?: string; - /** The time of the last activity in the incident */ - lastActivityTimeUtc?: Date; - /** - * The last time the incident was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; - /** - * List of resource ids of Analytic rules related to the incident - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedAnalyticRuleIds?: string[]; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; - /** Describes a team for the incident */ - teamInformation?: TeamInformation; - /** The title of the incident */ - title?: string; -}; - -/** Represents an incident comment */ -export type IncidentComment = ResourceWithEtag & { - /** - * The time the comment was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The time the comment was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; - /** The comment message */ - message?: string; - /** - * Describes the client that created the comment - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly author?: ClientInfo; -}; - -/** Metadata resource definition. */ -export type MetadataModel = ResourceWithEtag & { - /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId?: string; - /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ - parentId?: string; - /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ - version?: string; - /** The kind of content the metadata is for. */ - kind?: Kind; - /** Source of the content. This is where/how it was created. */ - source?: MetadataSource; - /** The creator of the content item. */ - author?: MetadataAuthor; - /** Support information for the metadata - type, name, contact information */ - support?: MetadataSupport; - /** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ - dependencies?: MetadataDependencies; - /** Categories for the solution content item */ - categories?: MetadataCategories; - /** Providers for the solution content item */ - providers?: string[]; - /** first publish date solution content item */ - firstPublishDate?: Date; - /** last publish date for the solution content item */ - lastPublishDate?: Date; -}; - -/** Metadata patch request body. */ -export type MetadataPatch = ResourceWithEtag & { - /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId?: string; - /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ - parentId?: string; - /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ - version?: string; - /** The kind of content the metadata is for. */ - kind?: Kind; - /** Source of the content. This is where/how it was created. */ - source?: MetadataSource; - /** The creator of the content item. */ - author?: MetadataAuthor; - /** Support information for the metadata - type, name, contact information */ - support?: MetadataSupport; - /** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ - dependencies?: MetadataDependencies; - /** Categories for the solution content item */ - categories?: MetadataCategories; - /** Providers for the solution content item */ - providers?: string[]; - /** first publish date solution content item */ - firstPublishDate?: Date; - /** last publish date for the solution content item */ - lastPublishDate?: Date; -}; - -/** Sentinel onboarding state */ -export type SentinelOnboardingState = ResourceWithEtag & { - /** Flag that indicates the status of the CMK setting */ - customerManagedKey?: boolean; -}; - -/** The Setting. */ -export type Settings = ResourceWithEtag & { - /** The kind of the setting */ - kind: SettingKind; -}; - -/** Represents a SourceControl in Azure Security Insights. */ -export type SourceControl = ResourceWithEtag & { - /** The id (a Guid) of the source control */ - idPropertiesId?: string; - /** The display name of the source control */ - displayName?: string; - /** A description of the source control */ - description?: string; - /** The repository type of the source control */ - repoType?: RepoType; - /** Array of source control content types. */ - contentTypes?: ContentType[]; - /** Repository metadata. */ - repository?: Repository; -}; - -/** Represents a Watchlist in Azure Security Insights. */ -export type Watchlist = ResourceWithEtag & { - /** The id (a Guid) of the watchlist */ - watchlistId?: string; - /** The display name of the watchlist */ - displayName?: string; - /** The provider of the watchlist */ - provider?: string; - /** The source of the watchlist */ - source?: Source; - /** The time the watchlist was created */ - created?: Date; - /** The last time the watchlist was updated */ - updated?: Date; - /** Describes a user that created the watchlist */ - createdBy?: UserInfo; - /** Describes a user that updated the watchlist */ - updatedBy?: UserInfo; - /** A description of the watchlist */ - description?: string; - /** The type of the watchlist */ - watchlistType?: string; - /** The alias of the watchlist */ - watchlistAlias?: string; - /** A flag that indicates if the watchlist is deleted or not */ - isDeleted?: boolean; - /** List of labels relevant to this watchlist */ - labels?: string[]; - /** The default duration of a watchlist (in ISO 8601 duration format) */ - defaultDuration?: string; - /** The tenantId where the watchlist belongs to */ - tenantId?: string; - /** The number of lines in a csv/tsv content to skip before the header */ - numberOfLinesToSkip?: number; - /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */ - rawContent?: string; - /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */ - itemsSearchKey?: string; - /** The content type of the raw content. Example : text/csv or text/tsv */ - contentType?: string; - /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */ - uploadStatus?: string; - /** The number of Watchlist Items in the Watchlist */ - watchlistItemsCount?: number; -}; - -/** Represents a Watchlist item in Azure Security Insights. */ -export type WatchlistItem = ResourceWithEtag & { - /** The type of the watchlist item */ - watchlistItemType?: string; - /** The id (a Guid) of the watchlist item */ - watchlistItemId?: string; - /** The tenantId to which the watchlist item belongs to */ - tenantId?: string; - /** A flag that indicates if the watchlist item is deleted or not */ - isDeleted?: boolean; - /** The time the watchlist item was created */ - created?: Date; - /** The last time the watchlist item was updated */ - updated?: Date; - /** Describes a user that created the watchlist item */ - createdBy?: UserInfo; - /** Describes a user that updated the watchlist item */ - updatedBy?: UserInfo; - /** key-value pairs for a watchlist item */ - itemsKeyValue?: Record; - /** key-value pairs for a watchlist item entity mapping */ - entityMapping?: Record; -}; - -/** Data connector */ -export type DataConnector = ResourceWithEtag & { - /** The data connector kind */ - kind: DataConnectorKind; -}; - -/** Represents MLBehaviorAnalytics alert rule template. */ -export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; -}; - -/** Represents Fusion alert rule template. */ -export type FusionAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Represents Threat Intelligence alert rule template. */ -export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Represents MicrosoftSecurityIncidentCreation rule template. */ -export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** the alerts' displayNames on which the cases will be generated */ - displayNamesFilter?: string[]; - /** the alerts' displayNames on which the cases will not be generated */ - displayNamesExcludeFilter?: string[]; - /** The alerts' productName on which the cases will be generated */ - productFilter?: MicrosoftSecurityProductName; - /** the alerts' severities on which the cases will be generated */ - severitiesFilter?: AlertSeverity[]; -}; - -/** Represents scheduled alert rule template. */ -export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The query that creates alerts for this rule. */ - query?: string; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ - version?: string; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; - /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ - queryFrequency?: string; - /** The period (in ISO 8601 duration format) that this alert rule looks at. */ - queryPeriod?: string; - /** The operation against the threshold that triggers alert rule. */ - triggerOperator?: TriggerOperator; - /** The threshold triggers this alert rule. */ - triggerThreshold?: number; - /** The event grouping settings. */ - eventGroupingSettings?: EventGroupingSettings; -}; - -/** Represents NRT alert rule template. */ -export type NrtAlertRuleTemplate = AlertRuleTemplate & { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The query that creates alerts for this rule. */ - query?: string; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ - version?: string; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -}; - -/** Represents a security alert entity. */ -export type SecurityAlert = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The display name of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertDisplayName?: string; - /** - * The type name of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertType?: string; - /** - * Display name of the main entity being reported on. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly compromisedEntity?: string; - /** - * The confidence level of this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceLevel?: ConfidenceLevel; - /** - * The confidence reasons - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; - /** - * The confidence score of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceScore?: number; - /** - * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly confidenceScoreStatus?: ConfidenceScoreStatus; - /** - * Alert description. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The impact end time of the alert (the time of the last event contributing to the alert). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly endTimeUtc?: Date; - /** - * Holds the alert intent stage(s) mapping for this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly intent?: KillChainIntent; - /** - * The identifier of the alert inside the product which generated the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly providerAlertId?: string; - /** - * The time the alert was made available for consumption. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processingEndTime?: Date; - /** - * The name of a component inside the product which generated the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productComponentName?: string; - /** - * The name of the product which published this alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productName?: string; - /** - * The version of the product generating the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly productVersion?: string; - /** - * Manual action items to take to remediate the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly remediationSteps?: string[]; - /** The severity of the alert */ - severity?: AlertSeverity; - /** - * The impact start time of the alert (the time of the first event contributing to the alert). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly startTimeUtc?: Date; - /** - * The lifecycle status of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly status?: AlertStatus; - /** - * Holds the product identifier of the alert for the product. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly systemAlertId?: string; - /** - * The tactics of the alert - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; - /** - * The time the alert was generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly timeGenerated?: Date; - /** - * The name of the vendor that raise the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vendorName?: string; - /** - * The uri link of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly alertLink?: string; - /** - * The list of resource identifiers of the alert. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly resourceIdentifiers?: Record[]; -}; - -/** Represents a Hunting bookmark entity. */ -export type HuntingBookmark = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** The time the bookmark was created */ - created?: Date; - /** Describes a user that created the bookmark */ - createdBy?: UserInfo; - /** The display name of the bookmark */ - displayName?: string; - /** The time of the event */ - eventTime?: Date; - /** List of labels relevant to this bookmark */ - labels?: string[]; - /** The notes of the bookmark */ - notes?: string; - /** The query of the bookmark. */ - query?: string; - /** The query result of the bookmark. */ - queryResult?: string; - /** The last time the bookmark was updated */ - updated?: Date; - /** Describes a user that updated the bookmark */ - updatedBy?: UserInfo; - /** Describes an incident that relates to bookmark */ - incidentInfo?: IncidentInfo; -}; - -/** Represents an account entity. */ -export type AccountEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The Azure Active Directory tenant id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly aadTenantId?: string; - /** - * The Azure Active Directory user id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly aadUserId?: string; - /** - * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly accountName?: string; - /** - * The display name of the account. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** - * The Host entity id that contains the account in case it is a local account (not domain joined) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * Determines whether this is a domain account. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isDomainJoined?: boolean; - /** - * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ntDomain?: string; - /** - * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly objectGuid?: string; - /** - * The Azure Active Directory Passport User ID. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly puid?: string; - /** - * The account security identifier, e.g. S-1-5-18. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sid?: string; - /** - * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly upnSuffix?: string; - /** - * The fully qualified domain DNS name. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsDomain?: string; -}; - -/** Represents an azure resource entity. */ -export type AzureResourceEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The azure resource id of the resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly resourceId?: string; - /** - * The subscription id of the resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subscriptionId?: string; -}; - -/** Represents a cloud application entity. */ -export type CloudApplicationEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The technical identifier of the application. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly appId?: number; - /** - * The name of the related cloud application. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly appName?: string; - /** - * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly instanceName?: string; -}; - -/** Represents a dns entity. */ -export type DnsEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * An ip entity id for the dns server resolving the request - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsServerIpEntityId?: string; - /** - * The name of the dns record associated with the alert - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly domainName?: string; - /** - * An ip entity id for the dns request client - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostIpAddressEntityId?: string; - /** - * Ip entity identifiers for the resolved ip address. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityIds?: string[]; -}; - -/** Represents a file entity. */ -export type FileEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The full path to the file. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly directory?: string; - /** - * The file hash entity identifiers associated with this file - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileHashEntityIds?: string[]; - /** - * The file name without path (some alerts might not include path). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileName?: string; - /** - * The Host entity id which the file belongs to - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; -}; - -/** Represents a file hash entity. */ -export type FileHashEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The hash algorithm type. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly algorithm?: FileHashAlgorithm; - /** - * The file hash value. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hashValue?: string; -}; - -/** Represents a host entity. */ -export type HostEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The azure resource id of the VM. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly azureID?: string; - /** - * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly dnsDomain?: string; - /** - * The hostname without the domain suffix. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostName?: string; - /** - * Determines whether this host belongs to a domain. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isDomainJoined?: boolean; - /** - * The host name (pre-windows2000). - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly netBiosName?: string; - /** - * The NT domain that this host belongs to. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ntDomain?: string; - /** - * The OMS agent id, if the host has OMS agent installed. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly omsAgentID?: string; - /** The operating system type. */ - osFamily?: OSFamily; - /** - * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly osVersion?: string; -}; - -/** Represents an IoT device entity. */ -export type IoTDeviceEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The ID of the IoT Device in the IoT Hub - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceId?: string; - /** - * The friendly name of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceName?: string; - /** - * The source of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly source?: string; - /** - * The ID of the security agent running on the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly iotSecurityAgentId?: string; - /** - * The type of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceType?: string; - /** - * The vendor of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vendor?: string; - /** - * The ID of the edge device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly edgeId?: string; - /** - * The MAC address of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly macAddress?: string; - /** - * The model of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly model?: string; - /** - * The serial number of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly serialNumber?: string; - /** - * The firmware version of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly firmwareVersion?: string; - /** - * The operating system of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly operatingSystem?: string; - /** - * The AzureResource entity id of the IoT Hub - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly iotHubEntityId?: string; - /** - * The Host entity id of this device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * The IP entity if of this device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityId?: string; - /** - * A list of TI contexts attached to the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatIntelligence?: ThreatIntelligence[]; - /** - * A list of protocols of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly protocols?: string[]; -}; - -/** Represents an ip entity. */ -export type IpEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly address?: string; - /** - * The geo-location context attached to the ip entity - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly location?: GeoLocation; - /** - * A list of TI contexts attached to the ip entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatIntelligence?: ThreatIntelligence[]; -}; - -/** Represents a mailbox entity. */ -export type MailboxEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The mailbox's primary address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly mailboxPrimaryAddress?: string; - /** - * The mailbox's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** - * The mailbox's UPN - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly upn?: string; - /** - * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly externalDirectoryObjectId?: string; -}; - -/** Represents a mail cluster entity. */ -export type MailClusterEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The mail message IDs that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageIds?: string[]; - /** - * Count of mail messages by DeliveryStatus string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByDeliveryStatus?: Record; - /** - * Count of mail messages by ThreatType string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByThreatType?: Record; - /** - * Count of mail messages by ProtectionStatus string representation - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly countByProtectionStatus?: Record; - /** - * The threats of mail messages that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threats?: string[]; - /** - * The query that was used to identify the messages of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly query?: string; - /** - * The query time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly queryTime?: Date; - /** - * The number of mail messages that are part of the mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly mailCount?: number; - /** - * Is this a volume anomaly mail cluster - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isVolumeAnomaly?: boolean; - /** - * The source of the mail cluster (default is 'O365 ATP') - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly source?: string; - /** - * The id of the cluster source - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterSourceIdentifier?: string; - /** - * The type of the cluster source - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterSourceType?: string; - /** - * The cluster query start time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterQueryStartTime?: Date; - /** - * The cluster query end time - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterQueryEndTime?: Date; - /** - * The cluster group - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly clusterGroup?: string; -}; - -/** Represents a mail message entity. */ -export type MailMessageEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The File entity ids of this mail message's attachments - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileEntityIds?: string[]; - /** - * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly recipient?: string; - /** - * The Urls contained in this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly urls?: string[]; - /** - * The threats of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threats?: string[]; - /** - * The p1 sender's email address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1Sender?: string; - /** - * The p1 sender's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1SenderDisplayName?: string; - /** - * The p1 sender's domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p1SenderDomain?: string; - /** - * The sender's IP address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly senderIP?: string; - /** - * The p2 sender's email address - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2Sender?: string; - /** - * The p2 sender's display name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2SenderDisplayName?: string; - /** - * The p2 sender's domain - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly p2SenderDomain?: string; - /** - * The receive date of this message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly receiveDate?: Date; - /** - * The network message id of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageId?: string; - /** - * The internet message id of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly internetMessageId?: string; - /** - * The subject of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subject?: string; - /** - * The language of this mail message - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly language?: string; - /** - * The threat detection methods - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly threatDetectionMethods?: string[]; - /** The bodyFingerprintBin1 */ - bodyFingerprintBin1?: number; - /** The bodyFingerprintBin2 */ - bodyFingerprintBin2?: number; - /** The bodyFingerprintBin3 */ - bodyFingerprintBin3?: number; - /** The bodyFingerprintBin4 */ - bodyFingerprintBin4?: number; - /** The bodyFingerprintBin5 */ - bodyFingerprintBin5?: number; - /** The directionality of this mail message */ - antispamDirection?: AntispamMailDirection; - /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */ - deliveryAction?: DeliveryAction; - /** The delivery location of this mail message like Inbox, JunkFolder etc */ - deliveryLocation?: DeliveryLocation; -}; - -/** Represents a malware entity. */ -export type MalwareEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The malware category by the vendor, e.g. Trojan - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly category?: string; - /** - * List of linked file entity identifiers on which the malware was found - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly fileEntityIds?: string[]; - /** - * The malware name by the vendor, e.g. Win32/Toga!rfn - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly malwareName?: string; - /** - * List of linked process entity identifiers on which the malware was found. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processEntityIds?: string[]; -}; - -/** Represents a process entity. */ -export type ProcessEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The account entity id running the processes. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly accountEntityId?: string; - /** - * The command line used to create the process - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly commandLine?: string; - /** - * The time when the process started to run - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly creationTimeUtc?: Date; - /** The elevation token associated with the process. */ - elevationToken?: ElevationToken; - /** - * The host entity id on which the process was running - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostEntityId?: string; - /** - * The session entity id in which the process was running - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hostLogonSessionEntityId?: string; - /** - * Image file entity id - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly imageFileEntityId?: string; - /** - * The parent process entity id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly parentProcessEntityId?: string; - /** - * The process ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly processId?: string; -}; - -/** Represents a registry key entity. */ -export type RegistryKeyEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * the hive that holds the registry key. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly hive?: RegistryHive; - /** - * The registry key path. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly key?: string; -}; - -/** Represents a registry value entity. */ -export type RegistryValueEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The registry key entity id. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly keyEntityId?: string; - /** - * String formatted representation of the value data. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueData?: string; - /** - * The registry value name. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueName?: string; - /** - * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly valueType?: RegistryValueKind; -}; - -/** Represents a security group entity. */ -export type SecurityGroupEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The group distinguished name - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly distinguishedName?: string; - /** - * A single-value attribute that is the unique identifier for the object, assigned by active directory. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly objectGuid?: string; - /** - * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sid?: string; -}; - -/** Represents a submission mail entity. */ -export type SubmissionMailEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The network message id of email to which submission belongs - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly networkMessageId?: string; - /** - * The submission id - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submissionId?: string; - /** - * The submitter - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submitter?: string; - /** - * The submission date - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly submissionDate?: Date; - /** - * The Time stamp when the message is received (Mail) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly timestamp?: Date; - /** - * The recipient of the mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly recipient?: string; - /** - * The sender of the mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sender?: string; - /** - * The sender's IP - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly senderIp?: string; - /** - * The subject of submission mail - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly subject?: string; - /** - * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly reportType?: string; -}; - -/** Represents a url entity. */ -export type UrlEntity = Entity & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * A full URL the entity points to - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly url?: string; -}; - -/** Represents Activity entity query. */ -export type ActivityEntityQueryTemplate = EntityQueryTemplate & { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; - /** List of required data types for the given entity query template */ - dataTypes?: DataTypeDefinitions[]; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; -}; - -/** Threat intelligence indicator entity. */ -export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ - displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -export type PermissionsCustomsItem = Customs & {}; - -/** Represents MLBehaviorAnalytics alert rule. */ -export type MLBehaviorAnalyticsAlertRule = AlertRule & { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** - * The description of the alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The display name for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** - * The severity for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly severity?: AlertSeverity; - /** - * The tactics of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; -}; - -/** Represents Fusion alert rule. */ -export type FusionAlertRule = AlertRule & { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** - * The description of the alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The display name for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** - * The severity for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly severity?: AlertSeverity; - /** - * The tactics of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; -}; - -/** Represents Threat Intelligence alert rule. */ -export type ThreatIntelligenceAlertRule = AlertRule & { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** - * The description of the alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The display name for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** - * The severity for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly severity?: AlertSeverity; - /** - * The tactics of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; -}; - -/** Represents MicrosoftSecurityIncidentCreation rule. */ -export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { - /** the alerts' displayNames on which the cases will be generated */ - displayNamesFilter?: string[]; - /** the alerts' displayNames on which the cases will not be generated */ - displayNamesExcludeFilter?: string[]; - /** The alerts' productName on which the cases will be generated */ - productFilter?: MicrosoftSecurityProductName; - /** the alerts' severities on which the cases will be generated */ - severitiesFilter?: AlertSeverity[]; - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The description of the alert rule. */ - description?: string; - /** The display name for alerts created by this alert rule. */ - displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; -}; - -/** Represents scheduled alert rule. */ -export type ScheduledAlertRule = AlertRule & { - /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ - queryFrequency?: string; - /** The period (in ISO 8601 duration format) that this alert rule looks at. */ - queryPeriod?: string; - /** The operation against the threshold that triggers alert rule. */ - triggerOperator?: TriggerOperator; - /** The threshold triggers this alert rule. */ - triggerThreshold?: number; - /** The event grouping settings. */ - eventGroupingSettings?: EventGroupingSettings; - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ - templateVersion?: string; - /** The description of the alert rule. */ - description?: string; - /** The query that creates alerts for this rule. */ - query?: string; - /** The display name for alerts created by this alert rule. */ - displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ - suppressionDuration?: string; - /** Determines whether the suppression for this alert rule is enabled or disabled. */ - suppressionEnabled?: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The settings of the incidents that created from alerts triggered by this analytics rule */ - incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -}; - -/** Represents NRT alert rule. */ -export type NrtAlertRule = AlertRule & { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ - templateVersion?: string; - /** The description of the alert rule. */ - description?: string; - /** The query that creates alerts for this rule. */ - query?: string; - /** The display name for alerts created by this alert rule. */ - displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ - suppressionDuration?: string; - /** Determines whether the suppression for this alert rule is enabled or disabled. */ - suppressionEnabled?: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The settings of the incidents that created from alerts triggered by this analytics rule */ - incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -}; - -/** Represents Expansion entity query. */ -export type ExpansionEntityQuery = EntityQuery & { - /** List of the data sources that are required to run the query */ - dataSources?: string[]; - /** The query display name */ - displayName?: string; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - inputFields?: string[]; - /** List of the desired output types to be constructed from the result */ - outputEntityTypes?: EntityType[]; - /** The template query string to be parsed and formatted */ - queryTemplate?: string; -}; - -/** Represents Activity entity query. */ -export type ActivityEntityQuery = EntityQuery & { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; - /** The template id this activity was created from */ - templateName?: string; - /** Determines whether this activity is enabled or disabled. */ - enabled?: boolean; - /** - * The time the activity was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The last time the activity was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; -}; - -/** Represents Activity entity query. */ -export type ActivityCustomEntityQuery = CustomEntityQuery & { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; - /** The template id this activity was created from */ - templateName?: string; - /** Determines whether this activity is enabled or disabled. */ - enabled?: boolean; - /** - * The time the activity was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The last time the activity was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; -}; - -/** Settings with single toggle. */ -export type Anomalies = Settings & { - /** - * Determines whether the setting is enable or disabled. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isEnabled?: boolean; -}; - -/** Settings with single toggle. */ -export type EyesOn = Settings & { - /** - * Determines whether the setting is enable or disabled. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isEnabled?: boolean; -}; - -/** Settings with single toggle. */ -export type EntityAnalytics = Settings & { - /** - * Determines whether the setting is enable or disabled. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isEnabled?: boolean; -}; - -/** Settings with single toggle. */ -export type Ueba = Settings & { - /** The relevant data sources that enriched by ueba */ - dataSources?: UebaDataSources[]; -}; - -/** Represents AAD (Azure Active Directory) data connector. */ -export type AADDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -/** Represents Microsoft Threat Intelligence data connector. */ -export type MstiDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: MstiDataConnectorDataTypes; -}; - -/** Represents MTP (Microsoft Threat Protection) data connector. */ -export type MTPDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: MTPDataConnectorDataTypes; -}; - -/** Represents AATP (Azure Advanced Threat Protection) data connector. */ -export type AatpDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -/** Represents ASC (Azure Security Center) data connector. */ -export type ASCDataConnector = DataConnector & { - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -}; - -/** Represents Amazon Web Services CloudTrail data connector. */ -export type AwsCloudTrailDataConnector = DataConnector & { - /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */ - awsRoleArn?: string; - /** The available data types for the connector. */ - dataTypes?: AwsCloudTrailDataConnectorDataTypes; -}; - -/** Represents Amazon Web Services S3 data connector. */ -export type AwsS3DataConnector = DataConnector & { - /** The logs destination table name in LogAnalytics. */ - destinationTable?: string; - /** The AWS sqs urls for the connector. */ - sqsUrls?: string[]; - /** The Aws Role Arn that is used to access the Aws account. */ - roleArn?: string; - /** The available data types for the connector. */ - dataTypes?: AwsS3DataConnectorDataTypes; -}; - -/** Represents MCAS (Microsoft Cloud App Security) data connector. */ -export type McasDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: McasDataConnectorDataTypes; -}; - -/** Represents Dynamics365 data connector. */ -export type Dynamics365DataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: Dynamics365DataConnectorDataTypes; -}; - -/** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */ -export type OfficeATPDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -/** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ -export type OfficeIRMDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */ -export type MdatpDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -}; - -/** Represents office data connector. */ -export type OfficeDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: OfficeDataConnectorDataTypes; -}; - -/** Represents threat intelligence data connector. */ -export type TIDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The lookback period for the feed to be imported. */ - tipLookbackPeriod?: Date; - /** The available data types for the connector. */ - dataTypes?: TIDataConnectorDataTypes; -}; - -/** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */ -export type TiTaxiiDataConnector = DataConnector & { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The workspace id. */ - workspaceId?: string; - /** The friendly name for the TAXII server. */ - friendlyName?: string; - /** The API root for the TAXII server. */ - taxiiServer?: string; - /** The collection id of the TAXII server. */ - collectionId?: string; - /** The userName for the TAXII server. */ - userName?: string; - /** The password for the TAXII server. */ - password?: string; - /** The lookback period for the TAXII server. */ - taxiiLookbackPeriod?: Date; - /** The polling frequency for the TAXII server. */ - pollingFrequency?: PollingFrequency; - /** The available data types for Threat Intelligence TAXII data connector. */ - dataTypes?: TiTaxiiDataConnectorDataTypes; -}; - -/** Represents Codeless UI data connector. */ -export type CodelessUiDataConnector = DataConnector & { - /** Config to describe the instructions blade */ - connectorUiConfig?: CodelessUiConnectorConfigProperties; -}; - -/** Represents Codeless API Polling data connector. */ -export type CodelessApiPollingDataConnector = DataConnector & { - /** Config to describe the instructions blade */ - connectorUiConfig?: CodelessUiConnectorConfigProperties; - /** Config to describe the polling instructions */ - pollingConfig?: CodelessConnectorPollingConfigProperties; -}; - -/** Known values of {@link AlertRuleKind} that the service accepts. */ -export enum KnownAlertRuleKind { - Scheduled = "Scheduled", - MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", - Fusion = "Fusion", - MLBehaviorAnalytics = "MLBehaviorAnalytics", - ThreatIntelligence = "ThreatIntelligence", - NRT = "NRT" -} - -/** - * Defines values for AlertRuleKind. \ - * {@link KnownAlertRuleKind} can be used interchangeably with AlertRuleKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Scheduled** \ - * **MicrosoftSecurityIncidentCreation** \ - * **Fusion** \ - * **MLBehaviorAnalytics** \ - * **ThreatIntelligence** \ - * **NRT** - */ -export type AlertRuleKind = string; - -/** Known values of {@link CreatedByType} that the service accepts. */ -export enum KnownCreatedByType { - User = "User", - Application = "Application", - ManagedIdentity = "ManagedIdentity", - Key = "Key" -} - -/** - * Defines values for CreatedByType. \ - * {@link KnownCreatedByType} can be used interchangeably with CreatedByType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **User** \ - * **Application** \ - * **ManagedIdentity** \ - * **Key** - */ -export type CreatedByType = string; - -/** Known values of {@link TriggersOn} that the service accepts. */ -export enum KnownTriggersOn { - /** Trigger on Incidents */ - Incidents = "Incidents" -} - -/** - * Defines values for TriggersOn. \ - * {@link KnownTriggersOn} can be used interchangeably with TriggersOn, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Incidents**: Trigger on Incidents - */ -export type TriggersOn = string; - -/** Known values of {@link TriggersWhen} that the service accepts. */ -export enum KnownTriggersWhen { - /** Trigger on created objects */ - Created = "Created" -} - -/** - * Defines values for TriggersWhen. \ - * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Created**: Trigger on created objects - */ -export type TriggersWhen = string; - -/** Known values of {@link AutomationRuleConditionType} that the service accepts. */ -export enum KnownAutomationRuleConditionType { - /** Evaluate an object property value */ - Property = "Property" -} - -/** - * Defines values for AutomationRuleConditionType. \ - * {@link KnownAutomationRuleConditionType} can be used interchangeably with AutomationRuleConditionType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Property**: Evaluate an object property value - */ -export type AutomationRuleConditionType = string; - -/** Known values of {@link AutomationRuleActionType} that the service accepts. */ -export enum KnownAutomationRuleActionType { - /** Modify an object's properties */ - ModifyProperties = "ModifyProperties", - /** Run a playbook on an object */ - RunPlaybook = "RunPlaybook" -} - -/** - * Defines values for AutomationRuleActionType. \ - * {@link KnownAutomationRuleActionType} can be used interchangeably with AutomationRuleActionType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **ModifyProperties**: Modify an object's properties \ - * **RunPlaybook**: Run a playbook on an object - */ -export type AutomationRuleActionType = string; - -/** Known values of {@link IncidentSeverity} that the service accepts. */ -export enum KnownIncidentSeverity { - /** High severity */ - High = "High", - /** Medium severity */ - Medium = "Medium", - /** Low severity */ - Low = "Low", - /** Informational severity */ - Informational = "Informational" -} - -/** - * Defines values for IncidentSeverity. \ - * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **High**: High severity \ - * **Medium**: Medium severity \ - * **Low**: Low severity \ - * **Informational**: Informational severity - */ -export type IncidentSeverity = string; - -/** Known values of {@link EntityKind} that the service accepts. */ -export enum KnownEntityKind { - /** Entity represents account in the system. */ - Account = "Account", - /** Entity represents host in the system. */ - Host = "Host", - /** Entity represents file in the system. */ - File = "File", - /** Entity represents azure resource in the system. */ - AzureResource = "AzureResource", - /** Entity represents cloud application in the system. */ - CloudApplication = "CloudApplication", - /** Entity represents dns resolution in the system. */ - DnsResolution = "DnsResolution", - /** Entity represents file hash in the system. */ - FileHash = "FileHash", - /** Entity represents ip in the system. */ - Ip = "Ip", - /** Entity represents malware in the system. */ - Malware = "Malware", - /** Entity represents process in the system. */ - Process = "Process", - /** Entity represents registry key in the system. */ - RegistryKey = "RegistryKey", - /** Entity represents registry value in the system. */ - RegistryValue = "RegistryValue", - /** Entity represents security group in the system. */ - SecurityGroup = "SecurityGroup", - /** Entity represents url in the system. */ - Url = "Url", - /** Entity represents IoT device in the system. */ - IoTDevice = "IoTDevice", - /** Entity represents security alert in the system. */ - SecurityAlert = "SecurityAlert", - /** Entity represents bookmark in the system. */ - Bookmark = "Bookmark", - /** Entity represents mail cluster in the system. */ - MailCluster = "MailCluster", - /** Entity represents mail message in the system. */ - MailMessage = "MailMessage", - /** Entity represents mailbox in the system. */ - Mailbox = "Mailbox", - /** Entity represents submission mail in the system. */ - SubmissionMail = "SubmissionMail" -} - -/** - * Defines values for EntityKind. \ - * {@link KnownEntityKind} can be used interchangeably with EntityKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Account**: Entity represents account in the system. \ - * **Host**: Entity represents host in the system. \ - * **File**: Entity represents file in the system. \ - * **AzureResource**: Entity represents azure resource in the system. \ - * **CloudApplication**: Entity represents cloud application in the system. \ - * **DnsResolution**: Entity represents dns resolution in the system. \ - * **FileHash**: Entity represents file hash in the system. \ - * **Ip**: Entity represents ip in the system. \ - * **Malware**: Entity represents malware in the system. \ - * **Process**: Entity represents process in the system. \ - * **RegistryKey**: Entity represents registry key in the system. \ - * **RegistryValue**: Entity represents registry value in the system. \ - * **SecurityGroup**: Entity represents security group in the system. \ - * **Url**: Entity represents url in the system. \ - * **IoTDevice**: Entity represents IoT device in the system. \ - * **SecurityAlert**: Entity represents security alert in the system. \ - * **Bookmark**: Entity represents bookmark in the system. \ - * **MailCluster**: Entity represents mail cluster in the system. \ - * **MailMessage**: Entity represents mail message in the system. \ - * **Mailbox**: Entity represents mailbox in the system. \ - * **SubmissionMail**: Entity represents submission mail in the system. - */ -export type EntityKind = string; - -/** Known values of {@link Enum8} that the service accepts. */ -export enum KnownEnum8 { - Expansion = "Expansion", - Activity = "Activity" -} - -/** - * Defines values for Enum8. \ - * {@link KnownEnum8} can be used interchangeably with Enum8, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Expansion** \ - * **Activity** - */ -export type Enum8 = string; - -/** Known values of {@link EntityQueryKind} that the service accepts. */ -export enum KnownEntityQueryKind { - Expansion = "Expansion", - Insight = "Insight", - Activity = "Activity" -} - -/** - * Defines values for EntityQueryKind. \ - * {@link KnownEntityQueryKind} can be used interchangeably with EntityQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Expansion** \ - * **Insight** \ - * **Activity** - */ -export type EntityQueryKind = string; - -/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ -export enum KnownCustomEntityQueryKind { - Activity = "Activity" -} - -/** - * Defines values for CustomEntityQueryKind. \ - * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity** - */ -export type CustomEntityQueryKind = string; - -/** Known values of {@link EntityTimelineKind} that the service accepts. */ -export enum KnownEntityTimelineKind { - /** activity */ - Activity = "Activity", - /** bookmarks */ - Bookmark = "Bookmark", - /** security alerts */ - SecurityAlert = "SecurityAlert" -} - -/** - * Defines values for EntityTimelineKind. \ - * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity**: activity \ - * **Bookmark**: bookmarks \ - * **SecurityAlert**: security alerts - */ -export type EntityTimelineKind = string; - -/** Known values of {@link EntityItemQueryKind} that the service accepts. */ -export enum KnownEntityItemQueryKind { - /** insight */ - Insight = "Insight" -} - -/** - * Defines values for EntityItemQueryKind. \ - * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Insight**: insight - */ -export type EntityItemQueryKind = string; - -/** Known values of {@link AttackTactic} that the service accepts. */ -export enum KnownAttackTactic { - InitialAccess = "InitialAccess", - Execution = "Execution", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - DefenseEvasion = "DefenseEvasion", - CredentialAccess = "CredentialAccess", - Discovery = "Discovery", - LateralMovement = "LateralMovement", - Collection = "Collection", - Exfiltration = "Exfiltration", - CommandAndControl = "CommandAndControl", - Impact = "Impact", - PreAttack = "PreAttack" -} - -/** - * Defines values for AttackTactic. \ - * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **InitialAccess** \ - * **Execution** \ - * **Persistence** \ - * **PrivilegeEscalation** \ - * **DefenseEvasion** \ - * **CredentialAccess** \ - * **Discovery** \ - * **LateralMovement** \ - * **Collection** \ - * **Exfiltration** \ - * **CommandAndControl** \ - * **Impact** \ - * **PreAttack** - */ -export type AttackTactic = string; - -/** Known values of {@link IncidentClassification} that the service accepts. */ -export enum KnownIncidentClassification { - /** Incident classification was undetermined */ - Undetermined = "Undetermined", - /** Incident was true positive */ - TruePositive = "TruePositive", - /** Incident was benign positive */ - BenignPositive = "BenignPositive", - /** Incident was false positive */ - FalsePositive = "FalsePositive" -} - -/** - * Defines values for IncidentClassification. \ - * {@link KnownIncidentClassification} can be used interchangeably with IncidentClassification, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Undetermined**: Incident classification was undetermined \ - * **TruePositive**: Incident was true positive \ - * **BenignPositive**: Incident was benign positive \ - * **FalsePositive**: Incident was false positive - */ -export type IncidentClassification = string; - -/** Known values of {@link IncidentClassificationReason} that the service accepts. */ -export enum KnownIncidentClassificationReason { - /** Classification reason was suspicious activity */ - SuspiciousActivity = "SuspiciousActivity", - /** Classification reason was suspicious but expected */ - SuspiciousButExpected = "SuspiciousButExpected", - /** Classification reason was incorrect alert logic */ - IncorrectAlertLogic = "IncorrectAlertLogic", - /** Classification reason was inaccurate data */ - InaccurateData = "InaccurateData" -} - -/** - * Defines values for IncidentClassificationReason. \ - * {@link KnownIncidentClassificationReason} can be used interchangeably with IncidentClassificationReason, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **SuspiciousActivity**: Classification reason was suspicious activity \ - * **SuspiciousButExpected**: Classification reason was suspicious but expected \ - * **IncorrectAlertLogic**: Classification reason was incorrect alert logic \ - * **InaccurateData**: Classification reason was inaccurate data - */ -export type IncidentClassificationReason = string; - -/** Known values of {@link IncidentLabelType} that the service accepts. */ -export enum KnownIncidentLabelType { - /** Label manually created by a user */ - User = "User", - /** Label automatically created by the system */ - System = "System" -} - -/** - * Defines values for IncidentLabelType. \ - * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **User**: Label manually created by a user \ - * **System**: Label automatically created by the system - */ -export type IncidentLabelType = string; - -/** Known values of {@link OwnerType} that the service accepts. */ -export enum KnownOwnerType { - /** The incident owner type is unknown */ - Unknown = "Unknown", - /** The incident owner type is an AAD user */ - User = "User", - /** The incident owner type is an AAD group */ - Group = "Group" -} - -/** - * Defines values for OwnerType. \ - * {@link KnownOwnerType} can be used interchangeably with OwnerType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: The incident owner type is unknown \ - * **User**: The incident owner type is an AAD user \ - * **Group**: The incident owner type is an AAD group - */ -export type OwnerType = string; - -/** Known values of {@link IncidentStatus} that the service accepts. */ -export enum KnownIncidentStatus { - /** An active incident which isn't being handled currently */ - New = "New", - /** An active incident which is being handled */ - Active = "Active", - /** A non-active incident */ - Closed = "Closed" -} - -/** - * Defines values for IncidentStatus. \ - * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **New**: An active incident which isn't being handled currently \ - * **Active**: An active incident which is being handled \ - * **Closed**: A non-active incident - */ -export type IncidentStatus = string; - -/** Known values of {@link ConfidenceLevel} that the service accepts. */ -export enum KnownConfidenceLevel { - /** Unknown confidence, the is the default value */ - Unknown = "Unknown", - /** Low confidence, meaning we have some doubts this is indeed malicious or part of an attack */ - Low = "Low", - /** High confidence that the alert is true positive malicious */ - High = "High" -} - -/** - * Defines values for ConfidenceLevel. \ - * {@link KnownConfidenceLevel} can be used interchangeably with ConfidenceLevel, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: Unknown confidence, the is the default value \ - * **Low**: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack \ - * **High**: High confidence that the alert is true positive malicious - */ -export type ConfidenceLevel = string; - -/** Known values of {@link ConfidenceScoreStatus} that the service accepts. */ -export enum KnownConfidenceScoreStatus { - /** Score will not be calculated for this alert as it is not supported by virtual analyst */ - NotApplicable = "NotApplicable", - /** No score was set yet and calculation is in progress */ - InProcess = "InProcess", - /** Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data */ - NotFinal = "NotFinal", - /** Final score was calculated and available */ - Final = "Final" -} - -/** - * Defines values for ConfidenceScoreStatus. \ - * {@link KnownConfidenceScoreStatus} can be used interchangeably with ConfidenceScoreStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **NotApplicable**: Score will not be calculated for this alert as it is not supported by virtual analyst \ - * **InProcess**: No score was set yet and calculation is in progress \ - * **NotFinal**: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data \ - * **Final**: Final score was calculated and available - */ -export type ConfidenceScoreStatus = string; - -/** Known values of {@link KillChainIntent} that the service accepts. */ -export enum KnownKillChainIntent { - /** The default value. */ - Unknown = "Unknown", - /** Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. */ - Probing = "Probing", - /** Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. */ - Exploitation = "Exploitation", - /** Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. */ - Persistence = "Persistence", - /** Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. */ - PrivilegeEscalation = "PrivilegeEscalation", - /** Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. */ - DefenseEvasion = "DefenseEvasion", - /** Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. */ - CredentialAccess = "CredentialAccess", - /** Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. */ - Discovery = "Discovery", - /** Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. */ - LateralMovement = "LateralMovement", - /** The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. */ - Execution = "Execution", - /** Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. */ - Collection = "Collection", - /** Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. */ - Exfiltration = "Exfiltration", - /** The command and control tactic represents how adversaries communicate with systems under their control within a target network. */ - CommandAndControl = "CommandAndControl", - /** The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. */ - Impact = "Impact" -} - -/** - * Defines values for KillChainIntent. \ - * {@link KnownKillChainIntent} can be used interchangeably with KillChainIntent, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: The default value. \ - * **Probing**: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. \ - * **Exploitation**: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. \ - * **Persistence**: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. \ - * **PrivilegeEscalation**: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. \ - * **DefenseEvasion**: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. \ - * **CredentialAccess**: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. \ - * **Discovery**: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. \ - * **LateralMovement**: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. \ - * **Execution**: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. \ - * **Collection**: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \ - * **Exfiltration**: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \ - * **CommandAndControl**: The command and control tactic represents how adversaries communicate with systems under their control within a target network. \ - * **Impact**: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. - */ -export type KillChainIntent = string; - -/** Known values of {@link AlertSeverity} that the service accepts. */ -export enum KnownAlertSeverity { - /** High severity */ - High = "High", - /** Medium severity */ - Medium = "Medium", - /** Low severity */ - Low = "Low", - /** Informational severity */ - Informational = "Informational" -} - -/** - * Defines values for AlertSeverity. \ - * {@link KnownAlertSeverity} can be used interchangeably with AlertSeverity, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **High**: High severity \ - * **Medium**: Medium severity \ - * **Low**: Low severity \ - * **Informational**: Informational severity - */ -export type AlertSeverity = string; - -/** Known values of {@link AlertStatus} that the service accepts. */ -export enum KnownAlertStatus { - /** Unknown value */ - Unknown = "Unknown", - /** New alert */ - New = "New", - /** Alert closed after handling */ - Resolved = "Resolved", - /** Alert dismissed as false positive */ - Dismissed = "Dismissed", - /** Alert is being handled */ - InProgress = "InProgress" -} - -/** - * Defines values for AlertStatus. \ - * {@link KnownAlertStatus} can be used interchangeably with AlertStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: Unknown value \ - * **New**: New alert \ - * **Resolved**: Alert closed after handling \ - * **Dismissed**: Alert dismissed as false positive \ - * **InProgress**: Alert is being handled - */ -export type AlertStatus = string; - -/** Known values of {@link Kind} that the service accepts. */ -export enum KnownKind { - DataConnector = "DataConnector", - DataType = "DataType", - Workbook = "Workbook", - WorkbookTemplate = "WorkbookTemplate", - Playbook = "Playbook", - PlaybookTemplate = "PlaybookTemplate", - AnalyticsRuleTemplate = "AnalyticsRuleTemplate", - AnalyticsRule = "AnalyticsRule", - HuntingQuery = "HuntingQuery", - InvestigationQuery = "InvestigationQuery", - Parser = "Parser", - Watchlist = "Watchlist", - WatchlistTemplate = "WatchlistTemplate", - Solution = "Solution" -} - -/** - * Defines values for Kind. \ - * {@link KnownKind} can be used interchangeably with Kind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **DataConnector** \ - * **DataType** \ - * **Workbook** \ - * **WorkbookTemplate** \ - * **Playbook** \ - * **PlaybookTemplate** \ - * **AnalyticsRuleTemplate** \ - * **AnalyticsRule** \ - * **HuntingQuery** \ - * **InvestigationQuery** \ - * **Parser** \ - * **Watchlist** \ - * **WatchlistTemplate** \ - * **Solution** - */ -export type Kind = string; - -/** Known values of {@link SourceKind} that the service accepts. */ -export enum KnownSourceKind { - LocalWorkspace = "LocalWorkspace", - Community = "Community", - Solution = "Solution", - SourceRepository = "SourceRepository" -} - -/** - * Defines values for SourceKind. \ - * {@link KnownSourceKind} can be used interchangeably with SourceKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **LocalWorkspace** \ - * **Community** \ - * **Solution** \ - * **SourceRepository** - */ -export type SourceKind = string; - -/** Known values of {@link SupportTier} that the service accepts. */ -export enum KnownSupportTier { - Microsoft = "Microsoft", - Partner = "Partner", - Community = "Community" -} - -/** - * Defines values for SupportTier. \ - * {@link KnownSupportTier} can be used interchangeably with SupportTier, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft** \ - * **Partner** \ - * **Community** - */ -export type SupportTier = string; - -/** Known values of {@link Operator} that the service accepts. */ -export enum KnownOperator { - AND = "AND", - OR = "OR" -} - -/** - * Defines values for Operator. \ - * {@link KnownOperator} can be used interchangeably with Operator, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AND** \ - * **OR** - */ -export type Operator = string; - -/** Known values of {@link SettingKind} that the service accepts. */ -export enum KnownSettingKind { - Anomalies = "Anomalies", - EyesOn = "EyesOn", - EntityAnalytics = "EntityAnalytics", - Ueba = "Ueba" -} - -/** - * Defines values for SettingKind. \ - * {@link KnownSettingKind} can be used interchangeably with SettingKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Anomalies** \ - * **EyesOn** \ - * **EntityAnalytics** \ - * **Ueba** - */ -export type SettingKind = string; - -/** Known values of {@link RepoType} that the service accepts. */ -export enum KnownRepoType { - Github = "Github", - DevOps = "DevOps" -} - -/** - * Defines values for RepoType. \ - * {@link KnownRepoType} can be used interchangeably with RepoType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Github** \ - * **DevOps** - */ -export type RepoType = string; - -/** Known values of {@link ContentType} that the service accepts. */ -export enum KnownContentType { - AnalyticRule = "AnalyticRule", - Workbook = "Workbook" -} - -/** - * Defines values for ContentType. \ - * {@link KnownContentType} can be used interchangeably with ContentType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AnalyticRule** \ - * **Workbook** - */ -export type ContentType = string; - -/** Known values of {@link Source} that the service accepts. */ -export enum KnownSource { - LocalFile = "Local file", - RemoteStorage = "Remote storage" -} - -/** - * Defines values for Source. \ - * {@link KnownSource} can be used interchangeably with Source, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Local file** \ - * **Remote storage** - */ -export type Source = string; - -/** Known values of {@link DataConnectorKind} that the service accepts. */ -export enum KnownDataConnectorKind { - AzureActiveDirectory = "AzureActiveDirectory", - AzureSecurityCenter = "AzureSecurityCenter", - MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", - ThreatIntelligence = "ThreatIntelligence", - ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii", - Office365 = "Office365", - OfficeATP = "OfficeATP", - OfficeIRM = "OfficeIRM", - AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", - AmazonWebServicesS3 = "AmazonWebServicesS3", - AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", - MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", - Dynamics365 = "Dynamics365", - MicrosoftThreatProtection = "MicrosoftThreatProtection", - MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", - GenericUI = "GenericUI", - APIPolling = "APIPolling" -} - -/** - * Defines values for DataConnectorKind. \ - * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AzureActiveDirectory** \ - * **AzureSecurityCenter** \ - * **MicrosoftCloudAppSecurity** \ - * **ThreatIntelligence** \ - * **ThreatIntelligenceTaxii** \ - * **Office365** \ - * **OfficeATP** \ - * **OfficeIRM** \ - * **AmazonWebServicesCloudTrail** \ - * **AmazonWebServicesS3** \ - * **AzureAdvancedThreatProtection** \ - * **MicrosoftDefenderAdvancedThreatProtection** \ - * **Dynamics365** \ - * **MicrosoftThreatProtection** \ - * **MicrosoftThreatIntelligence** \ - * **GenericUI** \ - * **APIPolling** - */ -export type DataConnectorKind = string; - -/** Known values of {@link ConnectAuthKind} that the service accepts. */ -export enum KnownConnectAuthKind { - Basic = "Basic", - OAuth2 = "OAuth2", - APIKey = "APIKey" -} - -/** - * Defines values for ConnectAuthKind. \ - * {@link KnownConnectAuthKind} can be used interchangeably with ConnectAuthKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Basic** \ - * **OAuth2** \ - * **APIKey** - */ -export type ConnectAuthKind = string; - -/** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */ -export enum KnownDataConnectorAuthorizationState { - Valid = "Valid", - Invalid = "Invalid" -} - -/** - * Defines values for DataConnectorAuthorizationState. \ - * {@link KnownDataConnectorAuthorizationState} can be used interchangeably with DataConnectorAuthorizationState, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Valid** \ - * **Invalid** - */ -export type DataConnectorAuthorizationState = string; - -/** Known values of {@link DataConnectorLicenseState} that the service accepts. */ -export enum KnownDataConnectorLicenseState { - Valid = "Valid", - Invalid = "Invalid", - Unknown = "Unknown" -} - -/** - * Defines values for DataConnectorLicenseState. \ - * {@link KnownDataConnectorLicenseState} can be used interchangeably with DataConnectorLicenseState, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Valid** \ - * **Invalid** \ - * **Unknown** - */ -export type DataConnectorLicenseState = string; - -/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ -export enum KnownThreatIntelligenceResourceKindEnum { - /** Entity represents threat intelligence indicator in the system. */ - Indicator = "indicator" -} - -/** - * Defines values for ThreatIntelligenceResourceKindEnum. \ - * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **indicator**: Entity represents threat intelligence indicator in the system. - */ -export type ThreatIntelligenceResourceKindEnum = string; - -/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ -export enum KnownThreatIntelligenceSortingCriteriaEnum { - Unsorted = "unsorted", - Ascending = "ascending", - Descending = "descending" -} - -/** - * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ - * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **unsorted** \ - * **ascending** \ - * **descending** - */ -export type ThreatIntelligenceSortingCriteriaEnum = string; - -/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ -export enum KnownEntityQueryTemplateKind { - Activity = "Activity" -} - -/** - * Defines values for EntityQueryTemplateKind. \ - * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity** - */ -export type EntityQueryTemplateKind = string; - -/** Known values of {@link TemplateStatus} that the service accepts. */ -export enum KnownTemplateStatus { - /** Alert rule template installed. and can not use more then once */ - Installed = "Installed", - /** Alert rule template is available. */ - Available = "Available", - /** Alert rule template is not available */ - NotAvailable = "NotAvailable" -} - -/** - * Defines values for TemplateStatus. \ - * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Installed**: Alert rule template installed. and can not use more then once \ - * **Available**: Alert rule template is available. \ - * **NotAvailable**: Alert rule template is not available - */ -export type TemplateStatus = string; - -/** Known values of {@link EntityMappingType} that the service accepts. */ -export enum KnownEntityMappingType { - /** User account entity type */ - Account = "Account", - /** Host entity type */ - Host = "Host", - /** IP address entity type */ - IP = "IP", - /** Malware entity type */ - Malware = "Malware", - /** System file entity type */ - File = "File", - /** Process entity type */ - Process = "Process", - /** Cloud app entity type */ - CloudApplication = "CloudApplication", - /** DNS entity type */ - DNS = "DNS", - /** Azure resource entity type */ - AzureResource = "AzureResource", - /** File-hash entity type */ - FileHash = "FileHash", - /** Registry key entity type */ - RegistryKey = "RegistryKey", - /** Registry value entity type */ - RegistryValue = "RegistryValue", - /** Security group entity type */ - SecurityGroup = "SecurityGroup", - /** URL entity type */ - URL = "URL", - /** Mailbox entity type */ - Mailbox = "Mailbox", - /** Mail cluster entity type */ - MailCluster = "MailCluster", - /** Mail message entity type */ - MailMessage = "MailMessage", - /** Submission mail entity type */ - SubmissionMail = "SubmissionMail" -} - -/** - * Defines values for EntityMappingType. \ - * {@link KnownEntityMappingType} can be used interchangeably with EntityMappingType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Account**: User account entity type \ - * **Host**: Host entity type \ - * **IP**: IP address entity type \ - * **Malware**: Malware entity type \ - * **File**: System file entity type \ - * **Process**: Process entity type \ - * **CloudApplication**: Cloud app entity type \ - * **DNS**: DNS entity type \ - * **AzureResource**: Azure resource entity type \ - * **FileHash**: File-hash entity type \ - * **RegistryKey**: Registry key entity type \ - * **RegistryValue**: Registry value entity type \ - * **SecurityGroup**: Security group entity type \ - * **URL**: URL entity type \ - * **Mailbox**: Mailbox entity type \ - * **MailCluster**: Mail cluster entity type \ - * **MailMessage**: Mail message entity type \ - * **SubmissionMail**: Submission mail entity type - */ -export type EntityMappingType = string; - -/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */ -export enum KnownMicrosoftSecurityProductName { - MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", - AzureSecurityCenter = "Azure Security Center", - AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", - AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", - AzureSecurityCenterForIoT = "Azure Security Center for IoT", - Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection", - MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection" -} - -/** - * Defines values for MicrosoftSecurityProductName. \ - * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft Cloud App Security** \ - * **Azure Security Center** \ - * **Azure Advanced Threat Protection** \ - * **Azure Active Directory Identity Protection** \ - * **Azure Security Center for IoT** \ - * **Office 365 Advanced Threat Protection** \ - * **Microsoft Defender Advanced Threat Protection** - */ -export type MicrosoftSecurityProductName = string; - -/** Known values of {@link MatchingMethod} that the service accepts. */ -export enum KnownMatchingMethod { - /** Grouping alerts into a single incident if all the entities match */ - AllEntities = "AllEntities", - /** Grouping any alerts triggered by this rule into a single incident */ - AnyAlert = "AnyAlert", - /** Grouping alerts into a single incident if the selected entities, custom details and alert details match */ - Selected = "Selected" -} - -/** - * Defines values for MatchingMethod. \ - * {@link KnownMatchingMethod} can be used interchangeably with MatchingMethod, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AllEntities**: Grouping alerts into a single incident if all the entities match \ - * **AnyAlert**: Grouping any alerts triggered by this rule into a single incident \ - * **Selected**: Grouping alerts into a single incident if the selected entities, custom details and alert details match - */ -export type MatchingMethod = string; - -/** Known values of {@link AlertDetail} that the service accepts. */ -export enum KnownAlertDetail { - /** Alert display name */ - DisplayName = "DisplayName", - /** Alert severity */ - Severity = "Severity" -} - -/** - * Defines values for AlertDetail. \ - * {@link KnownAlertDetail} can be used interchangeably with AlertDetail, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **DisplayName**: Alert display name \ - * **Severity**: Alert severity - */ -export type AlertDetail = string; - -/** Known values of {@link EventGroupingAggregationKind} that the service accepts. */ -export enum KnownEventGroupingAggregationKind { - SingleAlert = "SingleAlert", - AlertPerResult = "AlertPerResult" -} - -/** - * Defines values for EventGroupingAggregationKind. \ - * {@link KnownEventGroupingAggregationKind} can be used interchangeably with EventGroupingAggregationKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **SingleAlert** \ - * **AlertPerResult** - */ -export type EventGroupingAggregationKind = string; - -/** Known values of {@link AutomationRulePropertyConditionSupportedProperty} that the service accepts. */ -export enum KnownAutomationRulePropertyConditionSupportedProperty { - /** The title of the incident */ - IncidentTitle = "IncidentTitle", - /** The description of the incident */ - IncidentDescription = "IncidentDescription", - /** The severity of the incident */ - IncidentSeverity = "IncidentSeverity", - /** The status of the incident */ - IncidentStatus = "IncidentStatus", - /** The tactics of the incident */ - IncidentTactics = "IncidentTactics", - /** The related Analytic rule ids of the incident */ - IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", - /** The provider name of the incident */ - IncidentProviderName = "IncidentProviderName", - /** The account Azure Active Directory tenant id */ - AccountAadTenantId = "AccountAadTenantId", - /** The account Azure Active Directory user id. */ - AccountAadUserId = "AccountAadUserId", - /** The account name */ - AccountName = "AccountName", - /** The account NetBIOS domain name */ - AccountNTDomain = "AccountNTDomain", - /** The account Azure Active Directory Passport User ID */ - AccountPuid = "AccountPUID", - /** The account security identifier */ - AccountSid = "AccountSid", - /** The account unique identifier */ - AccountObjectGuid = "AccountObjectGuid", - /** The account user principal name suffix */ - AccountUPNSuffix = "AccountUPNSuffix", - /** The Azure resource id */ - AzureResourceResourceId = "AzureResourceResourceId", - /** The Azure resource subscription id */ - AzureResourceSubscriptionId = "AzureResourceSubscriptionId", - /** The cloud application identifier */ - CloudApplicationAppId = "CloudApplicationAppId", - /** The cloud application name */ - CloudApplicationAppName = "CloudApplicationAppName", - /** The dns record domain name */ - DNSDomainName = "DNSDomainName", - /** The file directory full path */ - FileDirectory = "FileDirectory", - /** The file name without path */ - FileName = "FileName", - /** The file hash value */ - FileHashValue = "FileHashValue", - /** The host Azure resource id */ - HostAzureID = "HostAzureID", - /** The host name without domain */ - HostName = "HostName", - /** The host NetBIOS name */ - HostNetBiosName = "HostNetBiosName", - /** The host NT domain */ - HostNTDomain = "HostNTDomain", - /** The host operating system */ - HostOSVersion = "HostOSVersion", - /** The IoT device id */ - IoTDeviceId = "IoTDeviceId", - /** The IoT device name */ - IoTDeviceName = "IoTDeviceName", - /** The IoT device type */ - IoTDeviceType = "IoTDeviceType", - /** The IoT device vendor */ - IoTDeviceVendor = "IoTDeviceVendor", - /** The IoT device model */ - IoTDeviceModel = "IoTDeviceModel", - /** The IoT device operating system */ - IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", - /** The IP address */ - IPAddress = "IPAddress", - /** The mailbox display name */ - MailboxDisplayName = "MailboxDisplayName", - /** The mailbox primary address */ - MailboxPrimaryAddress = "MailboxPrimaryAddress", - /** The mailbox user principal name */ - MailboxUPN = "MailboxUPN", - /** The mail message delivery action */ - MailMessageDeliveryAction = "MailMessageDeliveryAction", - /** The mail message delivery location */ - MailMessageDeliveryLocation = "MailMessageDeliveryLocation", - /** The mail message recipient */ - MailMessageRecipient = "MailMessageRecipient", - /** The mail message sender IP address */ - MailMessageSenderIP = "MailMessageSenderIP", - /** The mail message subject */ - MailMessageSubject = "MailMessageSubject", - /** The mail message P1 sender */ - MailMessageP1Sender = "MailMessageP1Sender", - /** The mail message P2 sender */ - MailMessageP2Sender = "MailMessageP2Sender", - /** The malware category */ - MalwareCategory = "MalwareCategory", - /** The malware name */ - MalwareName = "MalwareName", - /** The process execution command line */ - ProcessCommandLine = "ProcessCommandLine", - /** The process id */ - ProcessId = "ProcessId", - /** The registry key path */ - RegistryKey = "RegistryKey", - /** The registry key value in string formatted representation */ - RegistryValueData = "RegistryValueData", - /** The url */ - Url = "Url" -} - -/** - * Defines values for AutomationRulePropertyConditionSupportedProperty. \ - * {@link KnownAutomationRulePropertyConditionSupportedProperty} can be used interchangeably with AutomationRulePropertyConditionSupportedProperty, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **IncidentTitle**: The title of the incident \ - * **IncidentDescription**: The description of the incident \ - * **IncidentSeverity**: The severity of the incident \ - * **IncidentStatus**: The status of the incident \ - * **IncidentTactics**: The tactics of the incident \ - * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \ - * **IncidentProviderName**: The provider name of the incident \ - * **AccountAadTenantId**: The account Azure Active Directory tenant id \ - * **AccountAadUserId**: The account Azure Active Directory user id. \ - * **AccountName**: The account name \ - * **AccountNTDomain**: The account NetBIOS domain name \ - * **AccountPUID**: The account Azure Active Directory Passport User ID \ - * **AccountSid**: The account security identifier \ - * **AccountObjectGuid**: The account unique identifier \ - * **AccountUPNSuffix**: The account user principal name suffix \ - * **AzureResourceResourceId**: The Azure resource id \ - * **AzureResourceSubscriptionId**: The Azure resource subscription id \ - * **CloudApplicationAppId**: The cloud application identifier \ - * **CloudApplicationAppName**: The cloud application name \ - * **DNSDomainName**: The dns record domain name \ - * **FileDirectory**: The file directory full path \ - * **FileName**: The file name without path \ - * **FileHashValue**: The file hash value \ - * **HostAzureID**: The host Azure resource id \ - * **HostName**: The host name without domain \ - * **HostNetBiosName**: The host NetBIOS name \ - * **HostNTDomain**: The host NT domain \ - * **HostOSVersion**: The host operating system \ - * **IoTDeviceId**: The IoT device id \ - * **IoTDeviceName**: The IoT device name \ - * **IoTDeviceType**: The IoT device type \ - * **IoTDeviceVendor**: The IoT device vendor \ - * **IoTDeviceModel**: The IoT device model \ - * **IoTDeviceOperatingSystem**: The IoT device operating system \ - * **IPAddress**: The IP address \ - * **MailboxDisplayName**: The mailbox display name \ - * **MailboxPrimaryAddress**: The mailbox primary address \ - * **MailboxUPN**: The mailbox user principal name \ - * **MailMessageDeliveryAction**: The mail message delivery action \ - * **MailMessageDeliveryLocation**: The mail message delivery location \ - * **MailMessageRecipient**: The mail message recipient \ - * **MailMessageSenderIP**: The mail message sender IP address \ - * **MailMessageSubject**: The mail message subject \ - * **MailMessageP1Sender**: The mail message P1 sender \ - * **MailMessageP2Sender**: The mail message P2 sender \ - * **MalwareCategory**: The malware category \ - * **MalwareName**: The malware name \ - * **ProcessCommandLine**: The process execution command line \ - * **ProcessId**: The process id \ - * **RegistryKey**: The registry key path \ - * **RegistryValueData**: The registry key value in string formatted representation \ - * **Url**: The url - */ -export type AutomationRulePropertyConditionSupportedProperty = string; - -/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */ -export enum KnownAutomationRulePropertyConditionSupportedOperator { - /** Evaluates if the property equals at least one of the condition values */ - Equals = "Equals", - /** Evaluates if the property does not equal any of the condition values */ - NotEquals = "NotEquals", - /** Evaluates if the property contains at least one of the condition values */ - Contains = "Contains", - /** Evaluates if the property does not contain any of the condition values */ - NotContains = "NotContains", - /** Evaluates if the property starts with any of the condition values */ - StartsWith = "StartsWith", - /** Evaluates if the property does not start with any of the condition values */ - NotStartsWith = "NotStartsWith", - /** Evaluates if the property ends with any of the condition values */ - EndsWith = "EndsWith", - /** Evaluates if the property does not end with any of the condition values */ - NotEndsWith = "NotEndsWith" -} - -/** - * Defines values for AutomationRulePropertyConditionSupportedOperator. \ - * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Equals**: Evaluates if the property equals at least one of the condition values \ - * **NotEquals**: Evaluates if the property does not equal any of the condition values \ - * **Contains**: Evaluates if the property contains at least one of the condition values \ - * **NotContains**: Evaluates if the property does not contain any of the condition values \ - * **StartsWith**: Evaluates if the property starts with any of the condition values \ - * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \ - * **EndsWith**: Evaluates if the property ends with any of the condition values \ - * **NotEndsWith**: Evaluates if the property does not end with any of the condition values - */ -export type AutomationRulePropertyConditionSupportedOperator = string; - -/** Known values of {@link EntityType} that the service accepts. */ -export enum KnownEntityType { - /** Entity represents account in the system. */ - Account = "Account", - /** Entity represents host in the system. */ - Host = "Host", - /** Entity represents file in the system. */ - File = "File", - /** Entity represents azure resource in the system. */ - AzureResource = "AzureResource", - /** Entity represents cloud application in the system. */ - CloudApplication = "CloudApplication", - /** Entity represents dns in the system. */ - DNS = "DNS", - /** Entity represents file hash in the system. */ - FileHash = "FileHash", - /** Entity represents ip in the system. */ - IP = "IP", - /** Entity represents malware in the system. */ - Malware = "Malware", - /** Entity represents process in the system. */ - Process = "Process", - /** Entity represents registry key in the system. */ - RegistryKey = "RegistryKey", - /** Entity represents registry value in the system. */ - RegistryValue = "RegistryValue", - /** Entity represents security group in the system. */ - SecurityGroup = "SecurityGroup", - /** Entity represents url in the system. */ - URL = "URL", - /** Entity represents IoT device in the system. */ - IoTDevice = "IoTDevice", - /** Entity represents security alert in the system. */ - SecurityAlert = "SecurityAlert", - /** Entity represents HuntingBookmark in the system. */ - HuntingBookmark = "HuntingBookmark", - /** Entity represents mail cluster in the system. */ - MailCluster = "MailCluster", - /** Entity represents mail message in the system. */ - MailMessage = "MailMessage", - /** Entity represents mailbox in the system. */ - Mailbox = "Mailbox", - /** Entity represents submission mail in the system. */ - SubmissionMail = "SubmissionMail" -} - -/** - * Defines values for EntityType. \ - * {@link KnownEntityType} can be used interchangeably with EntityType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Account**: Entity represents account in the system. \ - * **Host**: Entity represents host in the system. \ - * **File**: Entity represents file in the system. \ - * **AzureResource**: Entity represents azure resource in the system. \ - * **CloudApplication**: Entity represents cloud application in the system. \ - * **DNS**: Entity represents dns in the system. \ - * **FileHash**: Entity represents file hash in the system. \ - * **IP**: Entity represents ip in the system. \ - * **Malware**: Entity represents malware in the system. \ - * **Process**: Entity represents process in the system. \ - * **RegistryKey**: Entity represents registry key in the system. \ - * **RegistryValue**: Entity represents registry value in the system. \ - * **SecurityGroup**: Entity represents security group in the system. \ - * **URL**: Entity represents url in the system. \ - * **IoTDevice**: Entity represents IoT device in the system. \ - * **SecurityAlert**: Entity represents security alert in the system. \ - * **HuntingBookmark**: Entity represents HuntingBookmark in the system. \ - * **MailCluster**: Entity represents mail cluster in the system. \ - * **MailMessage**: Entity represents mail message in the system. \ - * **Mailbox**: Entity represents mailbox in the system. \ - * **SubmissionMail**: Entity represents submission mail in the system. - */ -export type EntityType = string; - -/** Known values of {@link OutputType} that the service accepts. */ -export enum KnownOutputType { - Number = "Number", - String = "String", - Date = "Date", - Entity = "Entity" -} - -/** - * Defines values for OutputType. \ - * {@link KnownOutputType} can be used interchangeably with OutputType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Number** \ - * **String** \ - * **Date** \ - * **Entity** - */ -export type OutputType = string; - -/** Known values of {@link UebaDataSources} that the service accepts. */ -export enum KnownUebaDataSources { - AuditLogs = "AuditLogs", - AzureActivity = "AzureActivity", - SecurityEvent = "SecurityEvent", - SigninLogs = "SigninLogs" -} - -/** - * Defines values for UebaDataSources. \ - * {@link KnownUebaDataSources} can be used interchangeably with UebaDataSources, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AuditLogs** \ - * **AzureActivity** \ - * **SecurityEvent** \ - * **SigninLogs** - */ -export type UebaDataSources = string; - -/** Known values of {@link SkuKind} that the service accepts. */ -export enum KnownSkuKind { - PerGB = "PerGB", - CapacityReservation = "CapacityReservation" -} - -/** - * Defines values for SkuKind. \ - * {@link KnownSkuKind} can be used interchangeably with SkuKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **PerGB** \ - * **CapacityReservation** - */ -export type SkuKind = string; - -/** Known values of {@link DataTypeState} that the service accepts. */ -export enum KnownDataTypeState { - Enabled = "Enabled", - Disabled = "Disabled" -} - -/** - * Defines values for DataTypeState. \ - * {@link KnownDataTypeState} can be used interchangeably with DataTypeState, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Enabled** \ - * **Disabled** - */ -export type DataTypeState = string; - -/** Known values of {@link PollingFrequency} that the service accepts. */ -export enum KnownPollingFrequency { - /** Once a minute */ - OnceAMinute = "OnceAMinute", - /** Once an hour */ - OnceAnHour = "OnceAnHour", - /** Once a day */ - OnceADay = "OnceADay" -} - -/** - * Defines values for PollingFrequency. \ - * {@link KnownPollingFrequency} can be used interchangeably with PollingFrequency, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **OnceAMinute**: Once a minute \ - * **OnceAnHour**: Once an hour \ - * **OnceADay**: Once a day - */ -export type PollingFrequency = string; - -/** Known values of {@link ConnectivityType} that the service accepts. */ -export enum KnownConnectivityType { - IsConnectedQuery = "IsConnectedQuery" -} - -/** - * Defines values for ConnectivityType. \ - * {@link KnownConnectivityType} can be used interchangeably with ConnectivityType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **IsConnectedQuery** - */ -export type ConnectivityType = string; - -/** Known values of {@link ProviderName} that the service accepts. */ -export enum KnownProviderName { - MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", - MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", - MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", - MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", - MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys", - MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments" -} - -/** - * Defines values for ProviderName. \ - * {@link KnownProviderName} can be used interchangeably with ProviderName, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft.OperationalInsights\/solutions** \ - * **Microsoft.OperationalInsights\/workspaces** \ - * **Microsoft.OperationalInsights\/workspaces\/datasources** \ - * **microsoft.aadiam\/diagnosticSettings** \ - * **Microsoft.OperationalInsights\/workspaces\/sharedKeys** \ - * **Microsoft.Authorization\/policyAssignments** - */ -export type ProviderName = string; - -/** Known values of {@link PermissionProviderScope} that the service accepts. */ -export enum KnownPermissionProviderScope { - ResourceGroup = "ResourceGroup", - Subscription = "Subscription", - Workspace = "Workspace" -} - -/** - * Defines values for PermissionProviderScope. \ - * {@link KnownPermissionProviderScope} can be used interchangeably with PermissionProviderScope, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **ResourceGroup** \ - * **Subscription** \ - * **Workspace** - */ -export type PermissionProviderScope = string; - -/** Known values of {@link SettingType} that the service accepts. */ -export enum KnownSettingType { - CopyableLabel = "CopyableLabel", - InstructionStepsGroup = "InstructionStepsGroup", - InfoMessage = "InfoMessage" -} - -/** - * Defines values for SettingType. \ - * {@link KnownSettingType} can be used interchangeably with SettingType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **CopyableLabel** \ - * **InstructionStepsGroup** \ - * **InfoMessage** - */ -export type SettingType = string; - -/** Known values of {@link FileHashAlgorithm} that the service accepts. */ -export enum KnownFileHashAlgorithm { - /** Unknown hash algorithm */ - Unknown = "Unknown", - /** MD5 hash type */ - MD5 = "MD5", - /** SHA1 hash type */ - SHA1 = "SHA1", - /** SHA256 hash type */ - SHA256 = "SHA256", - /** SHA256 Authenticode hash type */ - SHA256AC = "SHA256AC" -} - -/** - * Defines values for FileHashAlgorithm. \ - * {@link KnownFileHashAlgorithm} can be used interchangeably with FileHashAlgorithm, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: Unknown hash algorithm \ - * **MD5**: MD5 hash type \ - * **SHA1**: SHA1 hash type \ - * **SHA256**: SHA256 hash type \ - * **SHA256AC**: SHA256 Authenticode hash type - */ -export type FileHashAlgorithm = string; - -/** Known values of {@link AntispamMailDirection} that the service accepts. */ -export enum KnownAntispamMailDirection { - /** Unknown */ - Unknown = "Unknown", - /** Inbound */ - Inbound = "Inbound", - /** Outbound */ - Outbound = "Outbound", - /** Intraorg */ - Intraorg = "Intraorg" -} - -/** - * Defines values for AntispamMailDirection. \ - * {@link KnownAntispamMailDirection} can be used interchangeably with AntispamMailDirection, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: Unknown \ - * **Inbound**: Inbound \ - * **Outbound**: Outbound \ - * **Intraorg**: Intraorg - */ -export type AntispamMailDirection = string; - -/** Known values of {@link RegistryHive} that the service accepts. */ -export enum KnownRegistryHive { - /** HKEY_LOCAL_MACHINE */ - HkeyLocalMachine = "HKEY_LOCAL_MACHINE", - /** HKEY_CLASSES_ROOT */ - HkeyClassesRoot = "HKEY_CLASSES_ROOT", - /** HKEY_CURRENT_CONFIG */ - HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", - /** HKEY_USERS */ - HkeyUsers = "HKEY_USERS", - /** HKEY_CURRENT_USER_LOCAL_SETTINGS */ - HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", - /** HKEY_PERFORMANCE_DATA */ - HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", - /** HKEY_PERFORMANCE_NLSTEXT */ - HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", - /** HKEY_PERFORMANCE_TEXT */ - HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", - /** HKEY_A */ - HkeyA = "HKEY_A", - /** HKEY_CURRENT_USER */ - HkeyCurrentUser = "HKEY_CURRENT_USER" -} - -/** - * Defines values for RegistryHive. \ - * {@link KnownRegistryHive} can be used interchangeably with RegistryHive, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **HKEY_LOCAL_MACHINE**: HKEY_LOCAL_MACHINE \ - * **HKEY_CLASSES_ROOT**: HKEY_CLASSES_ROOT \ - * **HKEY_CURRENT_CONFIG**: HKEY_CURRENT_CONFIG \ - * **HKEY_USERS**: HKEY_USERS \ - * **HKEY_CURRENT_USER_LOCAL_SETTINGS**: HKEY_CURRENT_USER_LOCAL_SETTINGS \ - * **HKEY_PERFORMANCE_DATA**: HKEY_PERFORMANCE_DATA \ - * **HKEY_PERFORMANCE_NLSTEXT**: HKEY_PERFORMANCE_NLSTEXT \ - * **HKEY_PERFORMANCE_TEXT**: HKEY_PERFORMANCE_TEXT \ - * **HKEY_A**: HKEY_A \ - * **HKEY_CURRENT_USER**: HKEY_CURRENT_USER - */ -export type RegistryHive = string; - -/** Known values of {@link RegistryValueKind} that the service accepts. */ -export enum KnownRegistryValueKind { - /** None */ - None = "None", - /** Unknown value type */ - Unknown = "Unknown", - /** String value type */ - String = "String", - /** ExpandString value type */ - ExpandString = "ExpandString", - /** Binary value type */ - Binary = "Binary", - /** DWord value type */ - DWord = "DWord", - /** MultiString value type */ - MultiString = "MultiString", - /** QWord value type */ - QWord = "QWord" -} - -/** - * Defines values for RegistryValueKind. \ - * {@link KnownRegistryValueKind} can be used interchangeably with RegistryValueKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **None**: None \ - * **Unknown**: Unknown value type \ - * **String**: String value type \ - * **ExpandString**: ExpandString value type \ - * **Binary**: Binary value type \ - * **DWord**: DWord value type \ - * **MultiString**: MultiString value type \ - * **QWord**: QWord value type - */ -export type RegistryValueKind = string; -/** Defines values for TriggerOperator. */ -export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; -/** Defines values for OSFamily. */ -export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown"; -/** Defines values for DeliveryAction. */ -export type DeliveryAction = - | "Unknown" - | "DeliveredAsSpam" - | "Delivered" - | "Blocked" - | "Replaced"; -/** Defines values for DeliveryLocation. */ -export type DeliveryLocation = - | "Unknown" - | "Inbox" - | "JunkFolder" - | "DeletedFolder" - | "Quarantine" - | "External" - | "Failed" - | "Dropped" - | "Forwarded"; -/** Defines values for ElevationToken. */ -export type ElevationToken = "Default" | "Full" | "Limited"; - -/** Optional parameters. */ -export interface AlertRulesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type AlertRulesListResponse = AlertRulesList; - -/** Optional parameters. */ -export interface AlertRulesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type AlertRulesGetResponse = AlertRuleUnion; - -/** Optional parameters. */ -export interface AlertRulesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion; - -/** Optional parameters. */ -export interface AlertRulesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface AlertRulesListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type AlertRulesListNextResponse = AlertRulesList; - -/** Optional parameters. */ -export interface ActionsListByAlertRuleOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listByAlertRule operation. */ -export type ActionsListByAlertRuleResponse = ActionsList; - -/** Optional parameters. */ -export interface ActionsGetOptionalParams extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type ActionsGetResponse = ActionResponse; - -/** Optional parameters. */ -export interface ActionsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type ActionsCreateOrUpdateResponse = ActionResponse; - -/** Optional parameters. */ -export interface ActionsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface ActionsListByAlertRuleNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listByAlertRuleNext operation. */ -export type ActionsListByAlertRuleNextResponse = ActionsList; - -/** Optional parameters. */ -export interface AlertRuleTemplatesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; - -/** Optional parameters. */ -export interface AlertRuleTemplatesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion; - -/** Optional parameters. */ -export interface AlertRuleTemplatesListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; - -/** Optional parameters. */ -export interface AutomationRulesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type AutomationRulesListResponse = AutomationRulesList; - -/** Optional parameters. */ -export interface AutomationRulesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type AutomationRulesGetResponse = AutomationRule; - -/** Optional parameters. */ -export interface AutomationRulesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type AutomationRulesCreateOrUpdateResponse = AutomationRule; - -/** Optional parameters. */ -export interface AutomationRulesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface AutomationRulesListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type AutomationRulesListNextResponse = AutomationRulesList; - -/** Optional parameters. */ -export interface BookmarksListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type BookmarksListResponse = BookmarkList; - -/** Optional parameters. */ -export interface BookmarksGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type BookmarksGetResponse = Bookmark; - -/** Optional parameters. */ -export interface BookmarksCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type BookmarksCreateOrUpdateResponse = Bookmark; - -/** Optional parameters. */ -export interface BookmarksDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface BookmarksListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type BookmarksListNextResponse = BookmarkList; - -/** Optional parameters. */ -export interface BookmarkRelationsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type BookmarkRelationsListResponse = RelationList; - -/** Optional parameters. */ -export interface BookmarkRelationsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type BookmarkRelationsGetResponse = Relation; - -/** Optional parameters. */ -export interface BookmarkRelationsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type BookmarkRelationsCreateOrUpdateResponse = Relation; - -/** Optional parameters. */ -export interface BookmarkRelationsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface BookmarkRelationsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the listNext operation. */ -export type BookmarkRelationsListNextResponse = RelationList; - -/** Optional parameters. */ -export interface BookmarkExpandOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the expand operation. */ -export type BookmarkExpandOperationResponse = BookmarkExpandResponse; - -/** Optional parameters. */ -export interface IPGeodataGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type IPGeodataGetResponse = EnrichmentIpGeodata; - -/** Optional parameters. */ -export interface DomainWhoisGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DomainWhoisGetResponse = EnrichmentDomainWhois; - -/** Optional parameters. */ -export interface EntityQueriesListOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the list operation. */ -export type EntityQueriesListResponse = EntityQueryList; - -/** Optional parameters. */ -export interface EntityQueriesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type EntityQueriesGetResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface EntityQueriesListNextOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the listNext operation. */ -export type EntityQueriesListNextResponse = EntityQueryList; - -/** Optional parameters. */ -export interface EntitiesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type EntitiesListResponse = EntityList; - -/** Optional parameters. */ -export interface EntitiesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type EntitiesGetResponse = EntityUnion; - -/** Optional parameters. */ -export interface EntitiesExpandOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the expand operation. */ -export type EntitiesExpandResponse = EntityExpandResponse; - -/** Optional parameters. */ -export interface EntitiesQueriesOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the queries operation. */ -export type EntitiesQueriesResponse = GetQueriesResponse; - -/** Optional parameters. */ -export interface EntitiesGetInsightsOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the getInsights operation. */ -export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; - -/** Optional parameters. */ -export interface EntitiesListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type EntitiesListNextResponse = EntityList; - -/** Optional parameters. */ -export interface EntitiesGetTimelineListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type EntitiesGetTimelineListResponse = EntityTimelineResponse; - -/** Optional parameters. */ -export interface EntitiesRelationsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type EntitiesRelationsListResponse = RelationList; - -/** Optional parameters. */ -export interface EntitiesRelationsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the listNext operation. */ -export type EntitiesRelationsListNextResponse = RelationList; - -/** Optional parameters. */ -export interface EntityRelationsGetRelationOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the getRelation operation. */ -export type EntityRelationsGetRelationResponse = Relation; - -/** Optional parameters. */ -export interface IncidentsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type IncidentsListResponse = IncidentList; - -/** Optional parameters. */ -export interface IncidentsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type IncidentsGetResponse = Incident; - -/** Optional parameters. */ -export interface IncidentsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type IncidentsCreateOrUpdateResponse = Incident; - -/** Optional parameters. */ -export interface IncidentsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface IncidentsCreateTeamOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createTeam operation. */ -export type IncidentsCreateTeamResponse = TeamInformation; - -/** Optional parameters. */ -export interface IncidentsListAlertsOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listAlerts operation. */ -export type IncidentsListAlertsResponse = IncidentAlertList; - -/** Optional parameters. */ -export interface IncidentsListBookmarksOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listBookmarks operation. */ -export type IncidentsListBookmarksResponse = IncidentBookmarkList; - -/** Optional parameters. */ -export interface IncidentsListEntitiesOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listEntities operation. */ -export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; - -/** Optional parameters. */ -export interface IncidentsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the listNext operation. */ -export type IncidentsListNextResponse = IncidentList; - -/** Optional parameters. */ -export interface IncidentCommentsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type IncidentCommentsListResponse = IncidentCommentList; - -/** Optional parameters. */ -export interface IncidentCommentsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type IncidentCommentsGetResponse = IncidentComment; +/** Known values of {@link CaseSeverity} that the service accepts. */ +export enum KnownCaseSeverity { + /** Critical severity */ + Critical = "Critical", + /** High severity */ + High = "High", + /** Medium severity */ + Medium = "Medium", + /** Low severity */ + Low = "Low", + /** Informational severity */ + Informational = "Informational" +} -/** Optional parameters. */ -export interface IncidentCommentsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for CaseSeverity. \ + * {@link KnownCaseSeverity} can be used interchangeably with CaseSeverity, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Critical**: Critical severity \ + * **High**: High severity \ + * **Medium**: Medium severity \ + * **Low**: Low severity \ + * **Informational**: Informational severity + */ +export type CaseSeverity = string; -/** Contains response data for the createOrUpdate operation. */ -export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; +/** Known values of {@link DataConnectorKind} that the service accepts. */ +export enum KnownDataConnectorKind { + AzureActiveDirectory = "AzureActiveDirectory", + AzureSecurityCenter = "AzureSecurityCenter", + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + ThreatIntelligence = "ThreatIntelligence", + Office365 = "Office365", + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection" +} -/** Optional parameters. */ -export interface IncidentCommentsDeleteOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for DataConnectorKind. \ + * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AzureActiveDirectory** \ + * **AzureSecurityCenter** \ + * **MicrosoftCloudAppSecurity** \ + * **ThreatIntelligence** \ + * **Office365** \ + * **AmazonWebServicesCloudTrail** \ + * **AzureAdvancedThreatProtection** \ + * **MicrosoftDefenderAdvancedThreatProtection** + */ +export type DataConnectorKind = string; -/** Optional parameters. */ -export interface IncidentCommentsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact" } -/** Contains response data for the listNext operation. */ -export type IncidentCommentsListNextResponse = IncidentCommentList; +/** + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** + */ +export type AttackTactic = string; -/** Optional parameters. */ -export interface IncidentRelationsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; +/** Known values of {@link IncidentClassification} that the service accepts. */ +export enum KnownIncidentClassification { + /** Incident classification was undetermined */ + Undetermined = "Undetermined", + /** Incident was true positive */ + TruePositive = "TruePositive", + /** Incident was benign positive */ + BenignPositive = "BenignPositive", + /** Incident was false positive */ + FalsePositive = "FalsePositive" } -/** Contains response data for the list operation. */ -export type IncidentRelationsListResponse = RelationList; - -/** Optional parameters. */ -export interface IncidentRelationsGetOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for IncidentClassification. \ + * {@link KnownIncidentClassification} can be used interchangeably with IncidentClassification, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Undetermined**: Incident classification was undetermined \ + * **TruePositive**: Incident was true positive \ + * **BenignPositive**: Incident was benign positive \ + * **FalsePositive**: Incident was false positive + */ +export type IncidentClassification = string; -/** Contains response data for the get operation. */ -export type IncidentRelationsGetResponse = Relation; +/** Known values of {@link IncidentClassificationReason} that the service accepts. */ +export enum KnownIncidentClassificationReason { + /** Classification reason was suspicious activity */ + SuspiciousActivity = "SuspiciousActivity", + /** Classification reason was suspicious but expected */ + SuspiciousButExpected = "SuspiciousButExpected", + /** Classification reason was incorrect alert logic */ + IncorrectAlertLogic = "IncorrectAlertLogic", + /** Classification reason was inaccurate data */ + InaccurateData = "InaccurateData" +} -/** Optional parameters. */ -export interface IncidentRelationsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for IncidentClassificationReason. \ + * {@link KnownIncidentClassificationReason} can be used interchangeably with IncidentClassificationReason, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **SuspiciousActivity**: Classification reason was suspicious activity \ + * **SuspiciousButExpected**: Classification reason was suspicious but expected \ + * **IncorrectAlertLogic**: Classification reason was incorrect alert logic \ + * **InaccurateData**: Classification reason was inaccurate data + */ +export type IncidentClassificationReason = string; -/** Contains response data for the createOrUpdate operation. */ -export type IncidentRelationsCreateOrUpdateResponse = Relation; +/** Known values of {@link IncidentLabelType} that the service accepts. */ +export enum KnownIncidentLabelType { + /** Label manually created by a user */ + User = "User", + /** Label automatically created by the system */ + System = "System" +} -/** Optional parameters. */ -export interface IncidentRelationsDeleteOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for IncidentLabelType. \ + * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **User**: Label manually created by a user \ + * **System**: Label automatically created by the system + */ +export type IncidentLabelType = string; -/** Optional parameters. */ -export interface IncidentRelationsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; +/** Known values of {@link IncidentSeverity} that the service accepts. */ +export enum KnownIncidentSeverity { + /** High severity */ + High = "High", + /** Medium severity */ + Medium = "Medium", + /** Low severity */ + Low = "Low", + /** Informational severity */ + Informational = "Informational" } -/** Contains response data for the listNext operation. */ -export type IncidentRelationsListNextResponse = RelationList; +/** + * Defines values for IncidentSeverity. \ + * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **High**: High severity \ + * **Medium**: Medium severity \ + * **Low**: Low severity \ + * **Informational**: Informational severity + */ +export type IncidentSeverity = string; -/** Optional parameters. */ -export interface MetadataListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */ - skip?: number; +/** Known values of {@link IncidentStatus} that the service accepts. */ +export enum KnownIncidentStatus { + /** An active incident which isn't being handled currently */ + New = "New", + /** An active incident which is being handled */ + Active = "Active", + /** A non-active incident */ + Closed = "Closed" } -/** Contains response data for the list operation. */ -export type MetadataListResponse = MetadataList; - -/** Optional parameters. */ -export interface MetadataGetOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for IncidentStatus. \ + * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **New**: An active incident which isn't being handled currently \ + * **Active**: An active incident which is being handled \ + * **Closed**: A non-active incident + */ +export type IncidentStatus = string; -/** Contains response data for the get operation. */ -export type MetadataGetResponse = MetadataModel; +/** Known values of {@link AlertSeverity} that the service accepts. */ +export enum KnownAlertSeverity { + /** High severity */ + High = "High", + /** Medium severity */ + Medium = "Medium", + /** Low severity */ + Low = "Low", + /** Informational severity */ + Informational = "Informational" +} -/** Optional parameters. */ -export interface MetadataDeleteOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for AlertSeverity. \ + * {@link KnownAlertSeverity} can be used interchangeably with AlertSeverity, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **High**: High severity \ + * **Medium**: Medium severity \ + * **Low**: Low severity \ + * **Informational**: Informational severity + */ +export type AlertSeverity = string; -/** Optional parameters. */ -export interface MetadataCreateOptionalParams - extends coreClient.OperationOptions {} +/** Known values of {@link TemplateStatus} that the service accepts. */ +export enum KnownTemplateStatus { + /** Alert rule template installed. and can not use more then once */ + Installed = "Installed", + /** Alert rule template is available. */ + Available = "Available", + /** Alert rule template is not available */ + NotAvailable = "NotAvailable" +} -/** Contains response data for the create operation. */ -export type MetadataCreateResponse = MetadataModel; +/** + * Defines values for TemplateStatus. \ + * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Installed**: Alert rule template installed. and can not use more then once \ + * **Available**: Alert rule template is available. \ + * **NotAvailable**: Alert rule template is not available + */ +export type TemplateStatus = string; -/** Optional parameters. */ -export interface MetadataUpdateOptionalParams - extends coreClient.OperationOptions {} +/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */ +export enum KnownMicrosoftSecurityProductName { + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", + AzureSecurityCenter = "Azure Security Center", + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + AzureSecurityCenterForIoT = "Azure Security Center for IoT" +} -/** Contains response data for the update operation. */ -export type MetadataUpdateResponse = MetadataModel; +/** + * Defines values for MicrosoftSecurityProductName. \ + * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Microsoft Cloud App Security** \ + * **Azure Security Center** \ + * **Azure Advanced Threat Protection** \ + * **Azure Active Directory Identity Protection** \ + * **Azure Security Center for IoT** + */ +export type MicrosoftSecurityProductName = string; -/** Optional parameters. */ -export interface MetadataListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */ - skip?: number; +/** Known values of {@link DataTypeState} that the service accepts. */ +export enum KnownDataTypeState { + Enabled = "Enabled", + Disabled = "Disabled" } -/** Contains response data for the listNext operation. */ -export type MetadataListNextResponse = MetadataList; +/** + * Defines values for DataTypeState. \ + * {@link KnownDataTypeState} can be used interchangeably with DataTypeState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Enabled** \ + * **Disabled** + */ +export type DataTypeState = string; -/** Optional parameters. */ -export interface SentinelOnboardingStatesGetOptionalParams - extends coreClient.OperationOptions {} +/** Known values of {@link SettingKind} that the service accepts. */ +export enum KnownSettingKind { + UebaSettings = "UebaSettings", + ToggleSettings = "ToggleSettings" +} -/** Contains response data for the get operation. */ -export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; +/** + * Defines values for SettingKind. \ + * {@link KnownSettingKind} can be used interchangeably with SettingKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **UebaSettings** \ + * **ToggleSettings** + */ +export type SettingKind = string; -/** Optional parameters. */ -export interface SentinelOnboardingStatesCreateOptionalParams - extends coreClient.OperationOptions { - /** The Sentinel onboarding state parameter */ - sentinelOnboardingStateParameter?: SentinelOnboardingState; +/** Known values of {@link LicenseStatus} that the service accepts. */ +export enum KnownLicenseStatus { + Enabled = "Enabled", + Disabled = "Disabled" } -/** Contains response data for the create operation. */ -export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; - -/** Optional parameters. */ -export interface SentinelOnboardingStatesDeleteOptionalParams - extends coreClient.OperationOptions {} +/** + * Defines values for LicenseStatus. \ + * {@link KnownLicenseStatus} can be used interchangeably with LicenseStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Enabled** \ + * **Disabled** + */ +export type LicenseStatus = string; -/** Optional parameters. */ -export interface SentinelOnboardingStatesListOptionalParams - extends coreClient.OperationOptions {} +/** Known values of {@link StatusInMcas} that the service accepts. */ +export enum KnownStatusInMcas { + Enabled = "Enabled", + Disabled = "Disabled" +} -/** Contains response data for the list operation. */ -export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; +/** + * Defines values for StatusInMcas. \ + * {@link KnownStatusInMcas} can be used interchangeably with StatusInMcas, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Enabled** \ + * **Disabled** + */ +export type StatusInMcas = string; +/** Defines values for TriggerOperator. */ +export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; /** Optional parameters. */ -export interface ProductSettingsListOptionalParams +export interface AlertRulesListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type ProductSettingsListResponse = SettingList; +export type AlertRulesListResponse = AlertRulesList; /** Optional parameters. */ -export interface ProductSettingsGetOptionalParams +export interface AlertRulesGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type ProductSettingsGetResponse = SettingsUnion; - -/** Optional parameters. */ -export interface ProductSettingsDeleteOptionalParams - extends coreClient.OperationOptions {} +export type AlertRulesGetResponse = AlertRuleUnion; /** Optional parameters. */ -export interface ProductSettingsUpdateOptionalParams +export interface AlertRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the update operation. */ -export type ProductSettingsUpdateResponse = SettingsUnion; +/** Contains response data for the createOrUpdate operation. */ +export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion; /** Optional parameters. */ -export interface SourceControlListRepositoriesOptionalParams +export interface AlertRulesDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listRepositories operation. */ -export type SourceControlListRepositoriesResponse = RepoList; - /** Optional parameters. */ -export interface SourceControlListRepositoriesNextOptionalParams +export interface AlertRulesListNextOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listRepositoriesNext operation. */ -export type SourceControlListRepositoriesNextResponse = RepoList; +/** Contains response data for the listNext operation. */ +export type AlertRulesListNextResponse = AlertRulesList; /** Optional parameters. */ -export interface SourceControlsListOptionalParams +export interface ActionsListByAlertRuleOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the list operation. */ -export type SourceControlsListResponse = SourceControlList; +/** Contains response data for the listByAlertRule operation. */ +export type ActionsListByAlertRuleResponse = ActionsList; /** Optional parameters. */ -export interface SourceControlsGetOptionalParams - extends coreClient.OperationOptions {} +export interface ActionsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type SourceControlsGetResponse = SourceControl; +export type ActionsGetResponse = ActionResponse; /** Optional parameters. */ -export interface SourceControlsDeleteOptionalParams +export interface ActionsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the createOrUpdate operation. */ +export type ActionsCreateOrUpdateResponse = ActionResponse; + /** Optional parameters. */ -export interface SourceControlsCreateOptionalParams +export interface ActionsDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the create operation. */ -export type SourceControlsCreateResponse = SourceControl; - /** Optional parameters. */ -export interface SourceControlsListNextOptionalParams +export interface ActionsListByAlertRuleNextOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listNext operation. */ -export type SourceControlsListNextResponse = SourceControlList; +/** Contains response data for the listByAlertRuleNext operation. */ +export type ActionsListByAlertRuleNextResponse = ActionsList; /** Optional parameters. */ -export interface WatchlistsListOptionalParams +export interface AlertRuleTemplatesListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type WatchlistsListResponse = WatchlistList; +export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; /** Optional parameters. */ -export interface WatchlistsGetOptionalParams +export interface AlertRuleTemplatesGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type WatchlistsGetResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface WatchlistsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistsCreateOrUpdateResponse = Watchlist; +export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion; /** Optional parameters. */ -export interface WatchlistsListNextOptionalParams +export interface AlertRuleTemplatesListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type WatchlistsListNextResponse = WatchlistList; +export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; /** Optional parameters. */ -export interface WatchlistItemsListOptionalParams +export interface BookmarksListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type WatchlistItemsListResponse = WatchlistItemList; +export type BookmarksListResponse = BookmarkList; /** Optional parameters. */ -export interface WatchlistItemsGetOptionalParams +export interface BookmarksGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type WatchlistItemsGetResponse = WatchlistItem; +export type BookmarksGetResponse = Bookmark; /** Optional parameters. */ -export interface WatchlistItemsDeleteOptionalParams +export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the createOrUpdate operation. */ +export type BookmarksCreateOrUpdateResponse = Bookmark; + /** Optional parameters. */ -export interface WatchlistItemsCreateOrUpdateOptionalParams +export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; - /** Optional parameters. */ -export interface WatchlistItemsListNextOptionalParams +export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type WatchlistItemsListNextResponse = WatchlistItemList; +export type BookmarksListNextResponse = BookmarkList; /** Optional parameters. */ export interface DataConnectorsListOptionalParams @@ -8166,14 +1443,6 @@ export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions {} -/** Optional parameters. */ -export interface DataConnectorsConnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsDisconnectOptionalParams - extends coreClient.OperationOptions {} - /** Optional parameters. */ export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions {} @@ -8182,64 +1451,55 @@ export interface DataConnectorsListNextOptionalParams export type DataConnectorsListNextResponse = DataConnectorList; /** Optional parameters. */ -export interface DataConnectorsCheckRequirementsPostOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the post operation. */ -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - -/** Optional parameters. */ -export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams +export interface OperationsListOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the createIndicator operation. */ -export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion; +/** Contains response data for the list operation. */ +export type OperationsListResponse = OperationsList; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorGetOptionalParams +export interface OperationsListNextOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the get operation. */ -export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion; +/** Contains response data for the listNext operation. */ +export type OperationsListNextResponse = OperationsList; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorCreateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the create operation. */ -export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion; +export interface IncidentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} -/** Optional parameters. */ -export interface ThreatIntelligenceIndicatorDeleteOptionalParams - extends coreClient.OperationOptions {} +/** Contains response data for the list operation. */ +export type IncidentsListResponse = IncidentList; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the queryIndicators operation. */ -export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList; - -/** Optional parameters. */ -export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams - extends coreClient.OperationOptions {} +/** Contains response data for the get operation. */ +export type IncidentsGetResponse = Incident; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the replaceTags operation. */ -export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion; +/** Contains response data for the createOrUpdate operation. */ +export type IncidentsCreateOrUpdateResponse = Incident; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the queryIndicatorsNext operation. */ -export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList; - /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorsListOptionalParams +export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { /** Filters the results, based on a Boolean condition. Optional. */ filter?: string; @@ -8251,11 +1511,11 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams skipToken?: string; } -/** Contains response data for the list operation. */ -export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; +/** Contains response data for the listNext operation. */ +export type IncidentsListNextResponse = IncidentList; /** Optional parameters. */ -export interface ThreatIntelligenceIndicatorsListNextOptionalParams +export interface IncidentCommentsListByIncidentOptionalParams extends coreClient.OperationOptions { /** Filters the results, based on a Boolean condition. Optional. */ filter?: string; @@ -8267,75 +1527,38 @@ export interface ThreatIntelligenceIndicatorsListNextOptionalParams skipToken?: string; } -/** Contains response data for the listNext operation. */ -export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList; - -/** Optional parameters. */ -export interface ThreatIntelligenceIndicatorMetricsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; - -/** Optional parameters. */ -export interface OperationsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type OperationsListResponse = OperationsList; - -/** Optional parameters. */ -export interface OperationsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type OperationsListNextResponse = OperationsList; - -/** Optional parameters. */ -export interface OfficeConsentsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type OfficeConsentsListResponse = OfficeConsentList; +/** Contains response data for the listByIncident operation. */ +export type IncidentCommentsListByIncidentResponse = IncidentCommentList; /** Optional parameters. */ -export interface OfficeConsentsGetOptionalParams +export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type OfficeConsentsGetResponse = OfficeConsent; - -/** Optional parameters. */ -export interface OfficeConsentsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface OfficeConsentsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type OfficeConsentsListNextResponse = OfficeConsentList; - -/** Optional parameters. */ -export interface EntityQueryTemplatesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; +export type IncidentCommentsGetResponse = IncidentComment; /** Optional parameters. */ -export interface EntityQueryTemplatesGetOptionalParams +export interface IncidentCommentsCreateCommentOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the get operation. */ -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +/** Contains response data for the createComment operation. */ +export type IncidentCommentsCreateCommentResponse = IncidentComment; /** Optional parameters. */ -export interface EntityQueryTemplatesListNextOptionalParams - extends coreClient.OperationOptions {} +export interface IncidentCommentsListByIncidentNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} -/** Contains response data for the listNext operation. */ -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +/** Contains response data for the listByIncidentNext operation. */ +export type IncidentCommentsListByIncidentNextResponse = IncidentCommentList; /** Optional parameters. */ export interface SecurityInsightsOptionalParams diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index dee7eb969f7d..df7bfaf71681 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -37,10 +37,10 @@ export const AlertRulesList: coreClient.CompositeMapper = { } }; -export const Resource: coreClient.CompositeMapper = { +export const ResourceWithEtag: coreClient.CompositeMapper = { type: { name: "Composite", - className: "Resource", + className: "ResourceWithEtag", modelProperties: { id: { serializedName: "id", @@ -63,57 +63,11 @@ export const Resource: coreClient.CompositeMapper = { name: "String" } }, - systemData: { - serializedName: "systemData", - type: { - name: "Composite", - className: "SystemData" - } - } - } - } -}; - -export const SystemData: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SystemData", - modelProperties: { - createdBy: { - serializedName: "createdBy", - type: { - name: "String" - } - }, - createdByType: { - serializedName: "createdByType", - type: { - name: "String" - } - }, - createdAt: { - serializedName: "createdAt", - type: { - name: "DateTime" - } - }, - lastModifiedBy: { - serializedName: "lastModifiedBy", - type: { - name: "String" - } - }, - lastModifiedByType: { - serializedName: "lastModifiedByType", + etag: { + serializedName: "etag", type: { name: "String" } - }, - lastModifiedAt: { - serializedName: "lastModifiedAt", - type: { - name: "DateTime" - } } } } @@ -128,17 +82,17 @@ export const CloudError: coreClient.CompositeMapper = { serializedName: "error", type: { name: "Composite", - className: "CloudErrorBody" + className: "ErrorResponse" } } } } }; -export const CloudErrorBody: coreClient.CompositeMapper = { +export const ErrorResponse: coreClient.CompositeMapper = { type: { name: "Composite", - className: "CloudErrorBody", + className: "ErrorResponse", modelProperties: { code: { serializedName: "code", @@ -153,89 +107,72 @@ export const CloudErrorBody: coreClient.CompositeMapper = { type: { name: "String" } - } - } - } -}; - -export const ActionsList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionsList", - modelProperties: { - nextLink: { - serializedName: "nextLink", + }, + target: { + serializedName: "target", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + details: { + serializedName: "details", + readOnly: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "ActionResponse" + className: "ErrorResponse" } } } - } - } - } -}; - -export const ActionPropertiesBase: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionPropertiesBase", - modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", - required: true, + }, + additionalInfo: { + serializedName: "additionalInfo", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ErrorAdditionalInfo" + } + } } } } } }; -export const AlertRuleTemplatesList: coreClient.CompositeMapper = { +export const ErrorAdditionalInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AlertRuleTemplatesList", + className: "ErrorAdditionalInfo", modelProperties: { - nextLink: { - serializedName: "nextLink", + type: { + serializedName: "type", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + info: { + serializedName: "info", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplate" - } - } + name: "Dictionary", + value: { type: { name: "any" } } } } } } }; -export const AutomationRulesList: coreClient.CompositeMapper = { +export const ActionsList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRulesList", + className: "ActionsList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -252,7 +189,7 @@ export const AutomationRulesList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "AutomationRule" + className: "ActionResponse" } } } @@ -261,95 +198,44 @@ export const AutomationRulesList: coreClient.CompositeMapper = { } }; -export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { +export const ActionPropertiesBase: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleTriggeringLogic", + className: "ActionPropertiesBase", modelProperties: { - isEnabled: { - serializedName: "isEnabled", - required: true, - type: { - name: "Boolean" - } - }, - expirationTimeUtc: { - serializedName: "expirationTimeUtc", - type: { - name: "DateTime" - } - }, - triggersOn: { - serializedName: "triggersOn", - required: true, - type: { - name: "String" - } - }, - triggersWhen: { - serializedName: "triggersWhen", + logicAppResourceId: { + serializedName: "logicAppResourceId", required: true, type: { name: "String" } - }, - conditions: { - serializedName: "conditions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRuleCondition" - } - } - } } } } }; -export const AutomationRuleCondition: coreClient.CompositeMapper = { +export const Resource: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleCondition", - uberParent: "AutomationRuleCondition", - polymorphicDiscriminator: { - serializedName: "conditionType", - clientName: "conditionType" - }, + className: "Resource", modelProperties: { - conditionType: { - serializedName: "conditionType", - required: true, + id: { + serializedName: "id", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const AutomationRuleAction: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRuleAction", - uberParent: "AutomationRuleAction", - polymorphicDiscriminator: { - serializedName: "actionType", - clientName: "actionType" - }, - modelProperties: { - order: { - serializedName: "order", - required: true, + }, + name: { + serializedName: "name", + readOnly: true, type: { - name: "Number" + name: "String" } }, - actionType: { - serializedName: "actionType", - required: true, + type: { + serializedName: "type", + readOnly: true, type: { name: "String" } @@ -358,33 +244,29 @@ export const AutomationRuleAction: coreClient.CompositeMapper = { } }; -export const ClientInfo: coreClient.CompositeMapper = { +export const AlertRuleTemplatesList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ClientInfo", + className: "AlertRuleTemplatesList", modelProperties: { - email: { - serializedName: "email", - type: { - name: "String" - } - }, - name: { - serializedName: "name", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - objectId: { - serializedName: "objectId", - type: { - name: "Uuid" - } - }, - userPrincipalName: { - serializedName: "userPrincipalName", + value: { + serializedName: "value", + required: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplate" + } + } } } } @@ -441,6 +323,7 @@ export const UserInfo: coreClient.CompositeMapper = { }, objectId: { serializedName: "objectId", + required: true, nullable: true, type: { name: "Uuid" @@ -483,10 +366,10 @@ export const IncidentInfo: coreClient.CompositeMapper = { } }; -export const RelationList: coreClient.CompositeMapper = { +export const DataConnectorList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "RelationList", + className: "DataConnectorList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -503,7 +386,7 @@ export const RelationList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "Relation" + className: "DataConnector" } } } @@ -512,104 +395,87 @@ export const RelationList: coreClient.CompositeMapper = { } }; -export const BookmarkExpandParameters: coreClient.CompositeMapper = { +export const OperationsList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandParameters", + className: "OperationsList", modelProperties: { - endTime: { - serializedName: "endTime", - type: { - name: "DateTime" - } - }, - expansionId: { - serializedName: "expansionId", + nextLink: { + serializedName: "nextLink", type: { - name: "Uuid" + name: "String" } }, - startTime: { - serializedName: "startTime", + value: { + serializedName: "value", + required: true, type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Operation" + } + } } } } } }; -export const BookmarkExpandResponse: coreClient.CompositeMapper = { +export const Operation: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandResponse", + className: "Operation", modelProperties: { - metaData: { - serializedName: "metaData", + display: { + serializedName: "display", type: { name: "Composite", - className: "ExpansionResultsMetadata" + className: "OperationDisplay" } }, - value: { - serializedName: "value", + name: { + serializedName: "name", type: { - name: "Composite", - className: "BookmarkExpandResponseValue" + name: "String" + } + }, + origin: { + serializedName: "origin", + type: { + name: "String" } } } } }; -export const ExpansionResultsMetadata: coreClient.CompositeMapper = { +export const OperationDisplay: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ExpansionResultsMetadata", + className: "OperationDisplay", modelProperties: { - aggregations: { - serializedName: "aggregations", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ExpansionResultAggregation" - } - } - } - } - } - } -}; - -export const ExpansionResultAggregation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ExpansionResultAggregation", - modelProperties: { - aggregationType: { - serializedName: "aggregationType", + description: { + serializedName: "description", type: { name: "String" } }, - count: { - serializedName: "count", - required: true, + operation: { + serializedName: "operation", type: { - name: "Number" + name: "String" } }, - displayName: { - serializedName: "displayName", + provider: { + serializedName: "provider", type: { name: "String" } }, - entityKind: { - serializedName: "entityKind", - required: true, + resource: { + serializedName: "resource", type: { name: "String" } @@ -618,31 +484,27 @@ export const ExpansionResultAggregation: coreClient.CompositeMapper = { } }; -export const BookmarkExpandResponseValue: coreClient.CompositeMapper = { +export const IncidentList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandResponseValue", + className: "IncidentList", modelProperties: { - entities: { - serializedName: "entities", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Entity" - } - } + name: "String" } }, - edges: { - serializedName: "edges", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "ConnectedEntity" + className: "Incident" } } } @@ -651,131 +513,170 @@ export const BookmarkExpandResponseValue: coreClient.CompositeMapper = { } }; -export const ConnectedEntity: coreClient.CompositeMapper = { +export const IncidentAdditionalData: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ConnectedEntity", + className: "IncidentAdditionalData", modelProperties: { - targetEntityId: { - serializedName: "targetEntityId", + alertsCount: { + serializedName: "alertsCount", + readOnly: true, type: { - name: "String" + name: "Number" } }, - additionalData: { - serializedName: "additionalData", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const EnrichmentIpGeodata: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EnrichmentIpGeodata", - modelProperties: { - asn: { - serializedName: "asn", + bookmarksCount: { + serializedName: "bookmarksCount", + readOnly: true, type: { - name: "String" + name: "Number" } }, - carrier: { - serializedName: "carrier", + commentsCount: { + serializedName: "commentsCount", + readOnly: true, type: { - name: "String" + name: "Number" } }, - city: { - serializedName: "city", + alertProductNames: { + serializedName: "alertProductNames", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - cityCf: { - serializedName: "cityCf", + tactics: { + serializedName: "tactics", + readOnly: true, type: { - name: "Number" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - }, - continent: { - serializedName: "continent", + } + } + } +}; + +export const IncidentLabel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentLabel", + modelProperties: { + labelName: { + serializedName: "labelName", + required: true, type: { name: "String" } }, - country: { - serializedName: "country", + labelType: { + serializedName: "labelType", + readOnly: true, type: { name: "String" } - }, - countryCf: { - serializedName: "countryCf", - type: { - name: "Number" - } - }, - ipAddr: { - serializedName: "ipAddr", + } + } + } +}; + +export const IncidentOwnerInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentOwnerInfo", + modelProperties: { + email: { + serializedName: "email", type: { name: "String" } }, - ipRoutingType: { - serializedName: "ipRoutingType", + assignedTo: { + serializedName: "assignedTo", type: { name: "String" } }, - latitude: { - serializedName: "latitude", + objectId: { + serializedName: "objectId", type: { - name: "String" + name: "Uuid" } }, - longitude: { - serializedName: "longitude", + userPrincipalName: { + serializedName: "userPrincipalName", type: { name: "String" } - }, - organization: { - serializedName: "organization", + } + } + } +}; + +export const IncidentCommentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentCommentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - organizationType: { - serializedName: "organizationType", + value: { + serializedName: "value", + required: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentComment" + } + } } - }, - region: { - serializedName: "region", + } + } + } +}; + +export const ClientInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ClientInfo", + modelProperties: { + email: { + serializedName: "email", type: { name: "String" } }, - state: { - serializedName: "state", + name: { + serializedName: "name", type: { name: "String" } }, - stateCf: { - serializedName: "stateCf", + objectId: { + serializedName: "objectId", type: { - name: "Number" + name: "Uuid" } }, - stateCode: { - serializedName: "stateCode", + userPrincipalName: { + serializedName: "userPrincipalName", type: { name: "String" } @@ -784,73 +685,50 @@ export const EnrichmentIpGeodata: coreClient.CompositeMapper = { } }; -export const EnrichmentDomainWhois: coreClient.CompositeMapper = { +export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhois", + className: "AlertRuleTemplateDataSource", modelProperties: { - domain: { - serializedName: "domain", - type: { - name: "String" - } - }, - server: { - serializedName: "server", + connectorId: { + serializedName: "connectorId", type: { name: "String" } }, - created: { - serializedName: "created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "updated", - type: { - name: "DateTime" - } - }, - expires: { - serializedName: "expires", - type: { - name: "DateTime" - } - }, - parsedWhois: { - serializedName: "parsedWhois", + dataTypes: { + serializedName: "dataTypes", type: { - name: "Composite", - className: "EnrichmentDomainWhoisDetails" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisDetails", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", modelProperties: { - registrar: { - serializedName: "registrar", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisRegistrarDetails" - } - }, - contacts: { - serializedName: "contacts", + displayNamesFilter: { + serializedName: "displayNamesFilter", type: { - name: "Composite", - className: "EnrichmentDomainWhoisContacts" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - nameServers: { - serializedName: "nameServers", + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", type: { name: "Sequence", element: { @@ -860,8 +738,15 @@ export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { } } }, - statuses: { - serializedName: "statuses", + productFilter: { + serializedName: "productFilter", + required: true, + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "severitiesFilter", type: { name: "Sequence", element: { @@ -875,295 +760,197 @@ export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { } }; -export const EnrichmentDomainWhoisRegistrarDetails: coreClient.CompositeMapper = { +export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisRegistrarDetails", + className: "ScheduledAlertRuleCommonProperties", modelProperties: { - name: { - serializedName: "name", + query: { + serializedName: "query", type: { name: "String" } }, - abuseContactEmail: { - serializedName: "abuseContactEmail", + queryFrequency: { + serializedName: "queryFrequency", type: { - name: "String" + name: "TimeSpan" } }, - abuseContactPhone: { - serializedName: "abuseContactPhone", + queryPeriod: { + serializedName: "queryPeriod", type: { - name: "String" + name: "TimeSpan" } }, - ianaId: { - serializedName: "ianaId", + severity: { + serializedName: "severity", type: { name: "String" } }, - url: { - serializedName: "url", + triggerOperator: { + serializedName: "triggerOperator", type: { - name: "String" + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] } }, - whoisServer: { - serializedName: "whoisServer", + triggerThreshold: { + serializedName: "triggerThreshold", type: { - name: "String" + name: "Number" } } } } }; -export const EnrichmentDomainWhoisContacts: coreClient.CompositeMapper = { +export const AlertsDataTypeOfDataConnector: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisContacts", + className: "AlertsDataTypeOfDataConnector", modelProperties: { - admin: { - serializedName: "admin", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" - } - }, - billing: { - serializedName: "billing", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" - } - }, - registrant: { - serializedName: "registrant", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" - } - }, - tech: { - serializedName: "tech", + alerts: { + serializedName: "alerts", type: { name: "Composite", - className: "EnrichmentDomainWhoisContact" + className: "DataConnectorDataTypeCommon" } } } } }; -export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { +export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisContact", + className: "DataConnectorDataTypeCommon", modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - org: { - serializedName: "org", - type: { - name: "String" - } - }, - street: { - serializedName: "street", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - city: { - serializedName: "city", - type: { - name: "String" - } - }, state: { serializedName: "state", type: { name: "String" } - }, - postal: { - serializedName: "postal", - type: { - name: "String" - } - }, - country: { - serializedName: "country", - type: { - name: "String" - } - }, - phone: { - serializedName: "phone", - type: { - name: "String" - } - }, - fax: { - serializedName: "fax", - type: { - name: "String" - } - }, - email: { - serializedName: "email", - type: { - name: "String" - } } } } }; -export const EntityQueryList: coreClient.CompositeMapper = { +export const DataConnectorWithAlertsProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryList", + className: "DataConnectorWithAlertsProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + dataTypes: { + serializedName: "dataTypes", type: { - name: "String" + name: "Composite", + className: "AlertsDataTypeOfDataConnector" } - }, - value: { - serializedName: "value", - required: true, + } + } + } +}; + +export const AwsCloudTrailDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQuery" - } - } + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypesLogs" } } } } }; -export const EntityList: coreClient.CompositeMapper = { +export const DataConnectorTenantId: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityList", + className: "DataConnectorTenantId", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + tenantId: { + serializedName: "tenantId", type: { name: "String" } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Entity" - } - } - } } } } }; -export const EntityExpandParameters: coreClient.CompositeMapper = { +export const TIDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityExpandParameters", + className: "TIDataConnectorDataTypes", modelProperties: { - endTime: { - serializedName: "endTime", - type: { - name: "DateTime" - } - }, - expansionId: { - serializedName: "expansionId", - type: { - name: "Uuid" - } - }, - startTime: { - serializedName: "startTime", + indicators: { + serializedName: "indicators", type: { - name: "DateTime" + name: "Composite", + className: "TIDataConnectorDataTypesIndicators" } } } } }; -export const EntityExpandResponse: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityExpandResponse", + className: "OfficeDataConnectorDataTypes", modelProperties: { - metaData: { - serializedName: "metaData", + exchange: { + serializedName: "exchange", type: { name: "Composite", - className: "ExpansionResultsMetadata" + className: "OfficeDataConnectorDataTypesExchange" } }, - value: { - serializedName: "value", + sharePoint: { + serializedName: "sharePoint", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesSharePoint" + } + }, + teams: { + serializedName: "teams", type: { name: "Composite", - className: "EntityExpandResponseValue" + className: "OfficeDataConnectorDataTypesTeams" } } } } }; -export const EntityExpandResponseValue: coreClient.CompositeMapper = { +export const OfficeConsentList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityExpandResponseValue", + className: "OfficeConsentList", modelProperties: { - entities: { - serializedName: "entities", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Entity" - } - } + name: "String" } }, - edges: { - serializedName: "edges", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityEdges" + className: "OfficeConsent" } } } @@ -1172,201 +959,210 @@ export const EntityExpandResponseValue: coreClient.CompositeMapper = { } }; -export const EntityEdges: coreClient.CompositeMapper = { +export const ThreatIntelligence: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityEdges", + className: "ThreatIntelligence", modelProperties: { - targetEntityId: { - serializedName: "targetEntityId", + confidence: { + serializedName: "confidence", + readOnly: true, type: { - name: "String" + name: "Number" } }, - additionalData: { - serializedName: "additionalData", + providerName: { + serializedName: "providerName", + readOnly: true, type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "String" } - } - } - } -}; - -export const EntityTimelineParameters: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityTimelineParameters", - modelProperties: { - kinds: { - serializedName: "kinds", + }, + reportLink: { + serializedName: "reportLink", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - startTime: { - serializedName: "startTime", - required: true, + threatDescription: { + serializedName: "threatDescription", + readOnly: true, type: { - name: "DateTime" + name: "String" } }, - endTime: { - serializedName: "endTime", - required: true, + threatName: { + serializedName: "threatName", + readOnly: true, type: { - name: "DateTime" + name: "String" } }, - numberOfBucket: { - serializedName: "numberOfBucket", + threatType: { + serializedName: "threatType", + readOnly: true, type: { - name: "Number" + name: "String" } } } } }; -export const EntityTimelineResponse: coreClient.CompositeMapper = { +export const AlertRule: coreClient.CompositeMapper = { + serializedName: "AlertRule", type: { name: "Composite", - className: "EntityTimelineResponse", + className: "AlertRule", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - metaData: { - serializedName: "metaData", - type: { - name: "Composite", - className: "TimelineResultsMetadata" - } - }, - value: { - serializedName: "value", + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityTimelineItem" - } - } + name: "String" } } } } }; -export const TimelineResultsMetadata: coreClient.CompositeMapper = { +export const ActionRequest: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TimelineResultsMetadata", + className: "ActionRequest", modelProperties: { - totalCount: { - serializedName: "totalCount", - required: true, + ...ResourceWithEtag.type.modelProperties, + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", type: { - name: "Number" + name: "String" } }, - aggregations: { - serializedName: "aggregations", - required: true, + triggerUri: { + serializedName: "properties.triggerUri", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "TimelineAggregation" - } - } - } - }, - errors: { - serializedName: "errors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "TimelineError" - } - } + name: "String" } } } } }; -export const TimelineAggregation: coreClient.CompositeMapper = { +export const Bookmark: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TimelineAggregation", + className: "Bookmark", modelProperties: { - count: { - serializedName: "count", - required: true, + ...ResourceWithEtag.type.modelProperties, + created: { + serializedName: "properties.created", type: { - name: "Number" + name: "DateTime" } }, - kind: { - serializedName: "kind", - required: true, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } - } - } - } -}; - -export const TimelineError: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TimelineError", - modelProperties: { - kind: { - serializedName: "kind", - required: true, + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + notes: { + serializedName: "properties.notes", type: { name: "String" } }, - queryId: { - serializedName: "queryId", + query: { + serializedName: "properties.query", type: { name: "String" } }, - errorMessage: { - serializedName: "errorMessage", - required: true, + queryResult: { + serializedName: "properties.queryResult", type: { name: "String" } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + eventTime: { + serializedName: "properties.eventTime", + type: { + name: "DateTime" + } + }, + queryStartTime: { + serializedName: "properties.queryStartTime", + type: { + name: "DateTime" + } + }, + queryEndTime: { + serializedName: "properties.queryEndTime", + type: { + name: "DateTime" + } + }, + incidentInfo: { + serializedName: "properties.incidentInfo", + type: { + name: "Composite", + className: "IncidentInfo" + } } } } }; -export const EntityTimelineItem: coreClient.CompositeMapper = { +export const DataConnector: coreClient.CompositeMapper = { + serializedName: "DataConnector", type: { name: "Composite", - className: "EntityTimelineItem", - uberParent: "EntityTimelineItem", + className: "DataConnector", + uberParent: "ResourceWithEtag", polymorphicDiscriminator: { serializedName: "kind", clientName: "kind" }, modelProperties: { + ...ResourceWithEtag.type.modelProperties, kind: { serializedName: "kind", required: true, @@ -1378,185 +1174,128 @@ export const EntityTimelineItem: coreClient.CompositeMapper = { } }; -export const GetQueriesResponse: coreClient.CompositeMapper = { +export const Incident: coreClient.CompositeMapper = { type: { name: "Composite", - className: "GetQueriesResponse", + className: "Incident", modelProperties: { - value: { - serializedName: "value", + ...ResourceWithEtag.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryItem" - } - } + name: "Composite", + className: "IncidentAdditionalData" } - } - } - } -}; - -export const EntityQueryItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItem", - uberParent: "EntityQueryItem", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - id: { - serializedName: "id", - readOnly: true, + }, + classification: { + serializedName: "properties.classification", type: { name: "String" } }, - name: { - serializedName: "name", + classificationComment: { + serializedName: "properties.classificationComment", type: { name: "String" } }, - type: { - serializedName: "type", + classificationReason: { + serializedName: "properties.classificationReason", type: { name: "String" } }, - kind: { - serializedName: "kind", - required: true, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", type: { name: "String" } - } - } - } -}; - -export const EntityGetInsightsParameters: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityGetInsightsParameters", - modelProperties: { - startTime: { - serializedName: "startTime", - required: true, + }, + firstActivityTimeUtc: { + serializedName: "properties.firstActivityTimeUtc", type: { name: "DateTime" } }, - endTime: { - serializedName: "endTime", - required: true, + incidentUrl: { + serializedName: "properties.incidentUrl", + readOnly: true, type: { - name: "DateTime" + name: "String" } }, - addDefaultExtendedTimeRange: { - serializedName: "addDefaultExtendedTimeRange", + incidentNumber: { + serializedName: "properties.incidentNumber", + readOnly: true, type: { - name: "Boolean" + name: "Number" } }, - insightQueryIds: { - serializedName: "insightQueryIds", + labels: { + serializedName: "properties.labels", type: { name: "Sequence", element: { type: { - name: "Uuid" + name: "Composite", + className: "IncidentLabel" } } } - } - } - } -}; - -export const EntityGetInsightsResponse: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityGetInsightsResponse", - modelProperties: { - metaData: { - serializedName: "metaData", + }, + lastActivityTimeUtc: { + serializedName: "properties.lastActivityTimeUtc", type: { - name: "Composite", - className: "GetInsightsResultsMetadata" + name: "DateTime" } }, - value: { - serializedName: "value", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityInsightItem" - } - } + name: "DateTime" } - } - } - } -}; - -export const GetInsightsResultsMetadata: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GetInsightsResultsMetadata", - modelProperties: { - totalCount: { - serializedName: "totalCount", - required: true, + }, + owner: { + serializedName: "properties.owner", type: { - name: "Number" + name: "Composite", + className: "IncidentOwnerInfo" } }, - errors: { - serializedName: "errors", + relatedAnalyticRuleIds: { + serializedName: "properties.relatedAnalyticRuleIds", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "GetInsightsError" + name: "String" } } } - } - } - } -}; - -export const GetInsightsError: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GetInsightsError", - modelProperties: { - kind: { - defaultValue: "Insight", - isConstant: true, - serializedName: "kind", + }, + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - queryId: { - serializedName: "queryId", + status: { + serializedName: "properties.status", type: { name: "String" } }, - errorMessage: { - serializedName: "errorMessage", - required: true, + title: { + serializedName: "properties.title", type: { name: "String" } @@ -1565,118 +1304,82 @@ export const GetInsightsError: coreClient.CompositeMapper = { } }; -export const EntityInsightItem: coreClient.CompositeMapper = { +export const Settings: coreClient.CompositeMapper = { + serializedName: "Settings", type: { name: "Composite", - className: "EntityInsightItem", + className: "Settings", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - queryId: { - serializedName: "queryId", + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, type: { name: "String" } - }, - queryTimeInterval: { - serializedName: "queryTimeInterval", - type: { - name: "Composite", - className: "EntityInsightItemQueryTimeInterval" - } - }, - tableQueryResults: { - serializedName: "tableQueryResults", - type: { - name: "Composite", - className: "InsightsTableResult" - } - }, - chartQueryResults: { - serializedName: "chartQueryResults", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "InsightsTableResult" - } - } - } } } } }; -export const EntityInsightItemQueryTimeInterval: coreClient.CompositeMapper = { +export const ActionResponseProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityInsightItemQueryTimeInterval", + className: "ActionResponseProperties", modelProperties: { - startTime: { - serializedName: "startTime", - type: { - name: "DateTime" - } - }, - endTime: { - serializedName: "endTime", + ...ActionPropertiesBase.type.modelProperties, + workflowId: { + serializedName: "workflowId", type: { - name: "DateTime" + name: "String" } } } } }; -export const InsightsTableResult: coreClient.CompositeMapper = { +export const ActionRequestProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "InsightsTableResult", + className: "ActionRequestProperties", modelProperties: { - columns: { - serializedName: "columns", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "InsightsTableResultColumnsItem" - } - } - } - }, - rows: { - serializedName: "rows", + ...ActionPropertiesBase.type.modelProperties, + triggerUri: { + serializedName: "triggerUri", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } + name: "String" } } } } }; -export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { +export const ActionResponse: coreClient.CompositeMapper = { type: { name: "Composite", - className: "InsightsTableResultColumnsItem", + className: "ActionResponse", modelProperties: { - type: { - serializedName: "type", + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", type: { name: "String" } }, - name: { - serializedName: "name", + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", + type: { + name: "String" + } + }, + workflowId: { + serializedName: "properties.workflowId", type: { name: "String" } @@ -1685,103 +1388,73 @@ export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { } }; -export const IncidentList: coreClient.CompositeMapper = { +export const AlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "AlertRuleTemplate", type: { name: "Composite", - className: "IncidentList", + className: "AlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Incident" - } - } + name: "String" } } } } }; -export const IncidentAdditionalData: coreClient.CompositeMapper = { +export const IncidentComment: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentAdditionalData", + className: "IncidentComment", modelProperties: { - alertsCount: { - serializedName: "alertsCount", - readOnly: true, - type: { - name: "Number" - } - }, - bookmarksCount: { - serializedName: "bookmarksCount", - readOnly: true, - type: { - name: "Number" - } - }, - commentsCount: { - serializedName: "commentsCount", + ...Resource.type.modelProperties, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { - name: "Number" + name: "DateTime" } }, - alertProductNames: { - serializedName: "alertProductNames", - readOnly: true, + message: { + serializedName: "properties.message", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - tactics: { - serializedName: "tactics", - readOnly: true, + author: { + serializedName: "properties.author", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "ClientInfo" } } } } }; -export const IncidentLabel: coreClient.CompositeMapper = { +export const OfficeConsent: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentLabel", + className: "OfficeConsent", modelProperties: { - labelName: { - serializedName: "labelName", - required: true, + ...Resource.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - labelType: { - serializedName: "labelType", + tenantName: { + serializedName: "properties.tenantName", readOnly: true, type: { name: "String" @@ -1791,126 +1464,110 @@ export const IncidentLabel: coreClient.CompositeMapper = { } }; -export const IncidentOwnerInfo: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentOwnerInfo", + className: "MicrosoftSecurityIncidentCreationAlertRuleProperties", modelProperties: { - email: { - serializedName: "email", + ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type + .modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", type: { name: "String" } }, - assignedTo: { - serializedName: "assignedTo", + description: { + serializedName: "description", type: { name: "String" } }, - objectId: { - serializedName: "objectId", + displayName: { + serializedName: "displayName", + required: true, type: { - name: "Uuid" + name: "String" } }, - userPrincipalName: { - serializedName: "userPrincipalName", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - ownerType: { - serializedName: "ownerType", + lastModifiedUtc: { + serializedName: "lastModifiedUtc", readOnly: true, type: { - name: "String" + name: "DateTime" } } } } }; -export const TeamInformation: coreClient.CompositeMapper = { +export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TeamInformation", + className: "ScheduledAlertRuleProperties", modelProperties: { - teamId: { - serializedName: "teamId", - readOnly: true, + ...ScheduledAlertRuleCommonProperties.type.modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", type: { name: "String" } }, - primaryChannelUrl: { - serializedName: "primaryChannelUrl", - readOnly: true, + description: { + serializedName: "description", type: { name: "String" } }, - teamCreationTimeUtc: { - serializedName: "teamCreationTimeUtc", - readOnly: true, + displayName: { + serializedName: "displayName", + required: true, type: { - name: "DateTime" + name: "String" } }, - name: { - serializedName: "name", - readOnly: true, + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - description: { - serializedName: "description", + lastModifiedUtc: { + serializedName: "lastModifiedUtc", readOnly: true, type: { - name: "String" - } - } - } - } -}; - -export const TeamProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TeamProperties", - modelProperties: { - teamName: { - serializedName: "teamName", - required: true, - type: { - name: "String" + name: "DateTime" } }, - teamDescription: { - serializedName: "teamDescription", + suppressionDuration: { + serializedName: "suppressionDuration", + required: true, type: { - name: "String" + name: "TimeSpan" } }, - memberIds: { - serializedName: "memberIds", + suppressionEnabled: { + serializedName: "suppressionEnabled", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "Uuid" - } - } + name: "Boolean" } }, - groupIds: { - serializedName: "groupIds", + tactics: { + serializedName: "tactics", type: { name: "Sequence", element: { type: { - name: "Uuid" + name: "String" } } } @@ -1919,120 +1576,146 @@ export const TeamProperties: coreClient.CompositeMapper = { } }; -export const IncidentAlertList: coreClient.CompositeMapper = { +export const McasDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentAlertList", + className: "McasDataConnectorDataTypes", modelProperties: { - value: { - serializedName: "value", - required: true, + ...AlertsDataTypeOfDataConnector.type.modelProperties, + discoveryLogs: { + serializedName: "discoveryLogs", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityAlert" - } - } + name: "Composite", + className: "DataConnectorDataTypeCommon" } } } } }; -export const SecurityAlertPropertiesConfidenceReasonsItem: coreClient.CompositeMapper = { +export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem", + className: "AwsCloudTrailDataConnectorDataTypesLogs", modelProperties: { - reason: { - serializedName: "reason", - readOnly: true, - type: { - name: "String" - } - }, - reasonType: { - serializedName: "reasonType", - readOnly: true, - type: { - name: "String" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const EntityCommonProperties: coreClient.CompositeMapper = { +export const TIDataConnectorDataTypesIndicators: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityCommonProperties", + className: "TIDataConnectorDataTypesIndicators", modelProperties: { - additionalData: { - serializedName: "additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "friendlyName", - readOnly: true, - type: { - name: "String" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const IncidentBookmarkList: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentBookmarkList", + className: "OfficeDataConnectorDataTypesExchange", modelProperties: { - value: { - serializedName: "value", - required: true, + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficeDataConnectorDataTypesSharePoint: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesSharePoint", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficeDataConnectorDataTypesTeams: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesTeams", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const ASCDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ASCDataConnectorProperties", + modelProperties: { + ...DataConnectorWithAlertsProperties.type.modelProperties, + subscriptionId: { + serializedName: "subscriptionId", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "HuntingBookmark" - } - } + name: "String" } } } } }; -export const IncidentCommentList: coreClient.CompositeMapper = { +export const FusionAlertRule: coreClient.CompositeMapper = { + serializedName: "Fusion", type: { name: "Composite", - className: "IncidentCommentList", + className: "FusionAlertRule", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + severity: { + serializedName: "properties.severity", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "IncidentComment" + name: "String" } } } @@ -2041,223 +1724,185 @@ export const IncidentCommentList: coreClient.CompositeMapper = { } }; -export const IncidentEntitiesResponse: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", type: { name: "Composite", - className: "IncidentEntitiesResponse", + className: "MicrosoftSecurityIncidentCreationAlertRule", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - entities: { - serializedName: "entities", + ...AlertRule.type.modelProperties, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "Entity" + name: "String" } } } }, - metaData: { - serializedName: "metaData", + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "IncidentEntitiesResultsMetadata" + name: "String" } } } - } - } - } -}; - -export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentEntitiesResultsMetadata", - modelProperties: { - count: { - serializedName: "count", - required: true, - type: { - name: "Number" - } }, - entityKind: { - serializedName: "entityKind", - required: true, + productFilter: { + serializedName: "properties.productFilter", type: { name: "String" } - } - } - } -}; - -export const MetadataList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataList", - modelProperties: { - value: { - serializedName: "value", - required: true, + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "MetadataModel" + name: "String" } } } }, - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const MetadataSource: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataSource", - modelProperties: { - kind: { - serializedName: "kind", - required: true, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", type: { name: "String" } }, - name: { - serializedName: "name", + description: { + serializedName: "properties.description", type: { name: "String" } }, - sourceId: { - serializedName: "sourceId", - type: { - name: "String" - } - } - } - } -}; - -export const MetadataAuthor: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataAuthor", - modelProperties: { - name: { - serializedName: "name", + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - email: { - serializedName: "email", + enabled: { + serializedName: "properties.enabled", type: { - name: "String" + name: "Boolean" } }, - link: { - serializedName: "link", + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, type: { - name: "String" + name: "DateTime" } } } } }; -export const MetadataSupport: coreClient.CompositeMapper = { +export const ScheduledAlertRule: coreClient.CompositeMapper = { + serializedName: "Scheduled", type: { name: "Composite", - className: "MetadataSupport", + className: "ScheduledAlertRule", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - tier: { - serializedName: "tier", - required: true, + ...AlertRule.type.modelProperties, + query: { + serializedName: "properties.query", type: { name: "String" } }, - name: { - serializedName: "name", + queryFrequency: { + serializedName: "properties.queryFrequency", type: { - name: "String" + name: "TimeSpan" } }, - email: { - serializedName: "email", + queryPeriod: { + serializedName: "properties.queryPeriod", type: { - name: "String" + name: "TimeSpan" } }, - link: { - serializedName: "link", + severity: { + serializedName: "properties.severity", type: { name: "String" } - } - } - } -}; - -export const MetadataDependencies: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataDependencies", - modelProperties: { - contentId: { - serializedName: "contentId", + }, + triggerOperator: { + serializedName: "properties.triggerOperator", type: { - name: "String" + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] } }, - kind: { - serializedName: "kind", + triggerThreshold: { + serializedName: "properties.triggerThreshold", type: { - name: "String" + name: "Number" } }, - version: { - serializedName: "version", + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", type: { name: "String" } }, - name: { - serializedName: "name", + description: { + serializedName: "properties.description", type: { name: "String" } }, - operator: { - serializedName: "operator", + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - criteria: { - serializedName: "criteria", + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "properties.suppressionDuration", + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + serializedName: "properties.suppressionEnabled", + type: { + name: "Boolean" + } + }, + tactics: { + serializedName: "properties.tactics", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "MetadataDependencies" + name: "String" } } } @@ -2266,379 +1911,338 @@ export const MetadataDependencies: coreClient.CompositeMapper = { } }; -export const MetadataCategories: coreClient.CompositeMapper = { +export const AADDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", type: { name: "Composite", - className: "MetadataCategories", + className: "AADDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - domains: { - serializedName: "domains", + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - verticals: { - serializedName: "verticals", + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "AlertsDataTypeOfDataConnector" } } } } }; -export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { +export const AatpDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", type: { name: "Composite", - className: "SentinelOnboardingStatesList", + className: "AatpDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - value: { - serializedName: "value", - required: true, + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SentinelOnboardingState" - } - } + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" } } } } }; -export const SettingList: coreClient.CompositeMapper = { +export const ASCDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", type: { name: "Composite", - className: "SettingList", + className: "ASCDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - value: { - serializedName: "value", - required: true, + ...DataConnector.type.modelProperties, + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Settings" - } - } + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + }, + subscriptionId: { + serializedName: "properties.subscriptionId", + type: { + name: "String" } } } } }; -export const RepoList: coreClient.CompositeMapper = { +export const AwsCloudTrailDataConnector: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesCloudTrail", type: { name: "Composite", - className: "RepoList", + className: "AwsCloudTrailDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + ...DataConnector.type.modelProperties, + awsRoleArn: { + serializedName: "properties.awsRoleArn", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Repo" - } - } + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypes" } } } } }; -export const Repo: coreClient.CompositeMapper = { +export const McasDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", type: { name: "Composite", - className: "Repo", + className: "McasDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - url: { - serializedName: "url", - type: { - name: "String" - } - }, - fullName: { - serializedName: "fullName", + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - branches: { - serializedName: "branches", + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "McasDataConnectorDataTypes" } } } } }; -export const SourceControlList: coreClient.CompositeMapper = { +export const MdatpDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", type: { name: "Composite", - className: "SourceControlList", + className: "MdatpDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SourceControl" - } - } + name: "Composite", + className: "AlertsDataTypeOfDataConnector" } } } } }; -export const Repository: coreClient.CompositeMapper = { +export const TIDataConnector: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", type: { name: "Composite", - className: "Repository", + className: "TIDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - url: { - serializedName: "url", - type: { - name: "String" - } - }, - branch: { - serializedName: "branch", - type: { - name: "String" - } - }, - displayUrl: { - serializedName: "displayUrl", + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - deploymentLogsUrl: { - serializedName: "deploymentLogsUrl", + tipLookbackPeriod: { + serializedName: "properties.tipLookbackPeriod", + nullable: true, type: { - name: "String" + name: "DateTime" } }, - pathMapping: { - serializedName: "pathMapping", + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ContentPathMap" - } - } + name: "Composite", + className: "TIDataConnectorDataTypes" } } } } }; -export const ContentPathMap: coreClient.CompositeMapper = { +export const OfficeDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365", type: { name: "Composite", - className: "ContentPathMap", + className: "OfficeDataConnector", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - contentType: { - serializedName: "contentType", + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - path: { - serializedName: "path", + dataTypes: { + serializedName: "properties.dataTypes", type: { - name: "String" + name: "Composite", + className: "OfficeDataConnectorDataTypes" } } } } }; -export const WatchlistList: coreClient.CompositeMapper = { +export const ToggleSettings: coreClient.CompositeMapper = { + serializedName: "ToggleSettings", type: { name: "Composite", - className: "WatchlistList", + className: "ToggleSettings", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, + ...Settings.type.modelProperties, + isEnabled: { + serializedName: "properties.isEnabled", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Watchlist" - } - } + name: "Boolean" } } } } }; -export const WatchlistItemList: coreClient.CompositeMapper = { +export const UebaSettings: coreClient.CompositeMapper = { + serializedName: "UebaSettings", type: { name: "Composite", - className: "WatchlistItemList", + className: "UebaSettings", + uberParent: "ResourceWithEtag", + polymorphicDiscriminator: ResourceWithEtag.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", + ...Settings.type.modelProperties, + atpLicenseStatus: { + serializedName: "properties.atpLicenseStatus", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + isEnabled: { + serializedName: "properties.isEnabled", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "WatchlistItem" - } - } + name: "Boolean" } - } - } - } -}; - -export const DataConnectorList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorList", - modelProperties: { - nextLink: { - serializedName: "nextLink", + }, + statusInMcas: { + serializedName: "properties.statusInMcas", readOnly: true, type: { name: "String" } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "DataConnector" - } - } - } } } } }; -export const DataConnectorConnectBody: coreClient.CompositeMapper = { +export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "Fusion", type: { name: "Composite", - className: "DataConnectorConnectBody", + className: "FusionAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - kind: { - serializedName: "kind", + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", type: { - name: "String" + name: "Number" } }, - apiKey: { - serializedName: "apiKey", + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - clientSecret: { - serializedName: "clientSecret", + description: { + serializedName: "properties.description", type: { name: "String" } }, - clientId: { - serializedName: "clientId", + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - authorizationCode: { - serializedName: "authorizationCode", + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } } }, - userName: { - serializedName: "userName", + status: { + serializedName: "properties.status", type: { name: "String" } }, - password: { - serializedName: "password", + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - requestConfigUserInputValues: { - serializedName: "requestConfigUserInputValues", + tactics: { + serializedName: "properties.tactics", type: { name: "Sequence", element: { type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } } } @@ -2647,429 +2251,192 @@ export const DataConnectorConnectBody: coreClient.CompositeMapper = { } }; -export const ErrorResponse: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", type: { name: "Composite", - className: "ErrorResponse", + className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - error: { - serializedName: "error", + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", type: { - name: "Composite", - className: "ErrorDetail" + name: "Number" } - } - } - } -}; - -export const ErrorDetail: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ErrorDetail", - modelProperties: { - code: { - serializedName: "code", + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - message: { - serializedName: "message", - readOnly: true, + description: { + serializedName: "properties.description", type: { name: "String" } }, - target: { - serializedName: "target", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - details: { - serializedName: "details", - readOnly: true, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ErrorDetail" + className: "AlertRuleTemplateDataSource" } } } }, - additionalInfo: { - serializedName: "additionalInfo", - readOnly: true, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "ErrorAdditionalInfo" + name: "String" } } } - } - } - } -}; - -export const ErrorAdditionalInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ErrorAdditionalInfo", - modelProperties: { - type: { - serializedName: "type", - readOnly: true, + }, + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - info: { - serializedName: "info", - readOnly: true, + productFilter: { + serializedName: "properties.productFilter", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } - } - } - } -}; - -export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorsCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - kind: { - serializedName: "kind", - required: true, + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const DataConnectorRequirementsState: coreClient.CompositeMapper = { +export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "Scheduled", type: { name: "Composite", - className: "DataConnectorRequirementsState", + className: "ScheduledAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - authorizationState: { - serializedName: "authorizationState", + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", type: { - name: "String" + name: "Number" } }, - licenseState: { - serializedName: "licenseState", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase", - modelProperties: { - killChainName: { - serializedName: "killChainName", + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - phaseName: { - serializedName: "phaseName", + description: { + serializedName: "properties.description", type: { name: "String" } - } - } - } -}; - -export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern", - modelProperties: { - patternTypeKey: { - serializedName: "patternTypeKey", + }, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - patternTypeValues: { - serializedName: "patternTypeValues", + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue" + className: "AlertRuleTemplateDataSource" } } } - } - } - } -}; - -export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue", - modelProperties: { - valueType: { - serializedName: "valueType", - type: { - name: "String" - } }, - value: { - serializedName: "value", + status: { + serializedName: "properties.status", type: { name: "String" } - } - } - } -}; - -export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference", - modelProperties: { - description: { - serializedName: "description", + }, + query: { + serializedName: "properties.query", type: { name: "String" } }, - externalId: { - serializedName: "externalId", + queryFrequency: { + serializedName: "properties.queryFrequency", type: { - name: "String" + name: "TimeSpan" } }, - sourceName: { - serializedName: "sourceName", - type: { - name: "String" - } - }, - url: { - serializedName: "url", - type: { - name: "String" - } - }, - hashes: { - serializedName: "hashes", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - } - } - } -}; - -export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel", - modelProperties: { - language: { - serializedName: "language", - type: { - name: "String" - } - }, - markingRef: { - serializedName: "markingRef", + queryPeriod: { + serializedName: "properties.queryPeriod", type: { - name: "Number" + name: "TimeSpan" } }, - selectors: { - serializedName: "selectors", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceResourceKind", - modelProperties: { - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceInformationList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceInformation" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceFilteringCriteria", - modelProperties: { - pageSize: { - serializedName: "pageSize", - type: { - name: "Number" - } - }, - minConfidence: { - serializedName: "minConfidence", + triggerOperator: { + serializedName: "properties.triggerOperator", type: { - name: "Number" + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] } }, - maxConfidence: { - serializedName: "maxConfidence", + triggerThreshold: { + serializedName: "properties.triggerThreshold", type: { name: "Number" } }, - minValidUntil: { - serializedName: "minValidUntil", - type: { - name: "String" - } - }, - maxValidUntil: { - serializedName: "maxValidUntil", - type: { - name: "String" - } - }, - includeDisabled: { - serializedName: "includeDisabled", - type: { - name: "Boolean" - } - }, - sortBy: { - serializedName: "sortBy", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceSortingCriteria" - } - } - } - }, - sources: { - serializedName: "sources", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - patternTypes: { - serializedName: "patternTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threatTypes: { - serializedName: "threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - ids: { - serializedName: "ids", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - keywords: { - serializedName: "keywords", + tactics: { + serializedName: "properties.tactics", type: { name: "Sequence", element: { @@ -3078,11234 +2445,30 @@ export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { } } } - }, - skipToken: { - serializedName: "skipToken", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceSortingCriteria", - modelProperties: { - itemKey: { - serializedName: "itemKey", - type: { - name: "String" - } - }, - sortOrder: { - serializedName: "sortOrder", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricsList", - modelProperties: { - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics", - modelProperties: { - properties: { - serializedName: "properties", - type: { - name: "Composite", - className: "ThreatIntelligenceMetric" - } - } - } - } -}; - -export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetric", - modelProperties: { - lastUpdatedTimeUtc: { - serializedName: "lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - threatTypeMetrics: { - serializedName: "threatTypeMetrics", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } - }, - patternTypeMetrics: { - serializedName: "patternTypeMetrics", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } - }, - sourceMetrics: { - serializedName: "sourceMetrics", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity", - modelProperties: { - metricName: { - serializedName: "metricName", - type: { - name: "String" - } - }, - metricValue: { - serializedName: "metricValue", - type: { - name: "Number" - } - } - } - } -}; - -export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAppendTags", - modelProperties: { - threatIntelligenceTags: { - serializedName: "threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const OperationsList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OperationsList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Operation" - } - } - } - } - } - } -}; - -export const Operation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Operation", - modelProperties: { - display: { - serializedName: "display", - type: { - name: "Composite", - className: "OperationDisplay" - } - }, - name: { - serializedName: "name", - type: { - name: "String" - } - }, - origin: { - serializedName: "origin", - type: { - name: "String" - } - }, - isDataAction: { - serializedName: "isDataAction", - type: { - name: "Boolean" - } - } - } - } -}; - -export const OperationDisplay: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OperationDisplay", - modelProperties: { - description: { - serializedName: "description", - type: { - name: "String" - } - }, - operation: { - serializedName: "operation", - type: { - name: "String" - } - }, - provider: { - serializedName: "provider", - type: { - name: "String" - } - }, - resource: { - serializedName: "resource", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeConsentList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeConsentList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "OfficeConsent" - } - } - } - } - } - } -}; - -export const EntityQueryTemplateList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryTemplateList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryTemplate" - } - } - } - } - } - } -}; - -export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource", - modelProperties: { - connectorId: { - serializedName: "connectorId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const AlertRuleTemplatePropertiesBase: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertRuleTemplatePropertiesBase", - modelProperties: { - alertRulesCreatedByTemplateCount: { - serializedName: "alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "status", - type: { - name: "String" - } - } - } - } -}; - -export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "QueryBasedAlertRuleTemplateProperties", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - version: { - serializedName: "version", - type: { - name: "String" - } - }, - customDetails: { - serializedName: "customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const EntityMapping: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityMapping", - modelProperties: { - entityType: { - serializedName: "entityType", - type: { - name: "String" - } - }, - fieldMappings: { - serializedName: "fieldMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FieldMapping" - } - } - } - } - } - } -}; - -export const FieldMapping: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FieldMapping", - modelProperties: { - identifier: { - serializedName: "identifier", - type: { - name: "String" - } - }, - columnName: { - serializedName: "columnName", - type: { - name: "String" - } - } - } - } -}; - -export const AlertDetailsOverride: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertDetailsOverride", - modelProperties: { - alertDisplayNameFormat: { - serializedName: "alertDisplayNameFormat", - type: { - name: "String" - } - }, - alertDescriptionFormat: { - serializedName: "alertDescriptionFormat", - type: { - name: "String" - } - }, - alertTacticsColumnName: { - serializedName: "alertTacticsColumnName", - type: { - name: "String" - } - }, - alertSeverityColumnName: { - serializedName: "alertSeverityColumnName", - type: { - name: "String" - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", - modelProperties: { - displayNamesFilter: { - serializedName: "displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "displayNamesExcludeFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - productFilter: { - serializedName: "productFilter", - required: true, - type: { - name: "String" - } - }, - severitiesFilter: { - serializedName: "severitiesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "QueryBasedAlertRuleProperties", - modelProperties: { - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "templateVersion", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - query: { - serializedName: "query", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - suppressionDuration: { - serializedName: "suppressionDuration", - required: true, - type: { - name: "TimeSpan" - } - }, - suppressionEnabled: { - serializedName: "suppressionEnabled", - required: true, - type: { - name: "Boolean" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - incidentConfiguration: { - serializedName: "incidentConfiguration", - type: { - name: "Composite", - className: "IncidentConfiguration" - } - }, - customDetails: { - serializedName: "customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const IncidentConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentConfiguration", - modelProperties: { - createIncident: { - serializedName: "createIncident", - required: true, - type: { - name: "Boolean" - } - }, - groupingConfiguration: { - serializedName: "groupingConfiguration", - type: { - name: "Composite", - className: "GroupingConfiguration" - } - } - } - } -}; - -export const GroupingConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GroupingConfiguration", - modelProperties: { - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - reopenClosedIncident: { - serializedName: "reopenClosedIncident", - required: true, - type: { - name: "Boolean" - } - }, - lookbackDuration: { - serializedName: "lookbackDuration", - required: true, - type: { - name: "TimeSpan" - } - }, - matchingMethod: { - serializedName: "matchingMethod", - required: true, - type: { - name: "String" - } - }, - groupByEntities: { - serializedName: "groupByEntities", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - groupByAlertDetails: { - serializedName: "groupByAlertDetails", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - groupByCustomDetails: { - serializedName: "groupByCustomDetails", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleCommonProperties", - modelProperties: { - queryFrequency: { - serializedName: "queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "queryPeriod", - type: { - name: "TimeSpan" - } - }, - triggerOperator: { - serializedName: "triggerOperator", - type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] - } - }, - triggerThreshold: { - serializedName: "triggerThreshold", - type: { - name: "Number" - } - }, - eventGroupingSettings: { - serializedName: "eventGroupingSettings", - type: { - name: "Composite", - className: "EventGroupingSettings" - } - } - } - } -}; - -export const EventGroupingSettings: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EventGroupingSettings", - modelProperties: { - aggregationKind: { - serializedName: "aggregationKind", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRuleRunPlaybookActionConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration", - modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", - type: { - name: "String" - } - }, - tenantId: { - serializedName: "tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRuleModifyPropertiesActionConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration", - modelProperties: { - classification: { - serializedName: "classification", - type: { - name: "String" - } - }, - classificationComment: { - serializedName: "classificationComment", - type: { - name: "String" - } - }, - classificationReason: { - serializedName: "classificationReason", - type: { - name: "String" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } - }, - owner: { - serializedName: "owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - status: { - serializedName: "status", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRulePropertyValuesConditionProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties", - modelProperties: { - propertyName: { - serializedName: "propertyName", - type: { - name: "String" - } - }, - operator: { - serializedName: "operator", - type: { - name: "String" - } - }, - propertyValues: { - serializedName: "propertyValues", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - } - } - } -}; - -export const EntityQueryItemProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemProperties", - modelProperties: { - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem" - } - } - } - }, - inputEntityType: { - serializedName: "inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - }, - entitiesFilter: { - serializedName: "entitiesFilter", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQuery: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQuery", - modelProperties: { - columnsDefinitions: { - serializedName: "columnsDefinitions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" - } - } - } - }, - queriesDefinitions: { - serializedName: "queriesDefinitions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem" - } - } - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem", - modelProperties: { - header: { - serializedName: "header", - type: { - name: "String" - } - }, - outputType: { - serializedName: "outputType", - type: { - name: "String" - } - }, - supportDeepLink: { - serializedName: "supportDeepLink", - type: { - name: "Boolean" - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem", - modelProperties: { - filter: { - serializedName: "filter", - type: { - name: "String" - } - }, - summarize: { - serializedName: "summarize", - type: { - name: "String" - } - }, - project: { - serializedName: "project", - type: { - name: "String" - } - }, - linkColumnsDefinitions: { - serializedName: "linkColumnsDefinitions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem" - } - } - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", - modelProperties: { - projectedName: { - serializedName: "projectedName", - type: { - name: "String" - } - }, - query: { - serializedName: "Query", - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItemPropertiesAdditionalQuery: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesAdditionalQuery", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - text: { - serializedName: "text", - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItemPropertiesDefaultTimeRange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesDefaultTimeRange", - modelProperties: { - beforeRange: { - serializedName: "beforeRange", - type: { - name: "String" - } - }, - afterRange: { - serializedName: "afterRange", - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesReferenceTimeRange", - modelProperties: { - beforeRange: { - serializedName: "beforeRange", - type: { - name: "String" - } - } - } - } -}; - -export const Sku: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Sku", - modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - capacityReservationLevel: { - serializedName: "capacityReservationLevel", - type: { - name: "Number" - } - } - } - } -}; - -export const DataConnectorTenantId: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorTenantId", - modelProperties: { - tenantId: { - serializedName: "tenantId", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const DataConnectorWithAlertsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorWithAlertsProperties", - modelProperties: { - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const AlertsDataTypeOfDataConnector: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector", - modelProperties: { - alerts: { - serializedName: "alerts", - type: { - name: "Composite", - className: "DataConnectorDataTypeCommon" - } - } - } - } -}; - -export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorDataTypeCommon", - modelProperties: { - state: { - serializedName: "state", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MstiDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorDataTypes", - modelProperties: { - bingSafetyPhishingURL: { - serializedName: "bingSafetyPhishingURL", - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesBingSafetyPhishingURL" - } - }, - microsoftEmergingThreatFeed: { - serializedName: "microsoftEmergingThreatFeed", - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed" - } - } - } - } -}; - -export const MTPDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPDataConnectorDataTypes", - modelProperties: { - incidents: { - serializedName: "incidents", - type: { - name: "Composite", - className: "MTPDataConnectorDataTypesIncidents" - } - } - } - } -}; - -export const AwsCloudTrailDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypesLogs" - } - } - } - } -}; - -export const AwsS3DataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypesLogs" - } - } - } - } -}; - -export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypes", - modelProperties: { - dynamics365CdsActivities: { - serializedName: "dynamics365CdsActivities", - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities" - } - } - } - } -}; - -export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes", - modelProperties: { - exchange: { - serializedName: "exchange", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesExchange" - } - }, - sharePoint: { - serializedName: "sharePoint", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesSharePoint" - } - }, - teams: { - serializedName: "teams", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesTeams" - } - } - } - } -}; - -export const TIDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorDataTypes", - modelProperties: { - indicators: { - serializedName: "indicators", - type: { - name: "Composite", - className: "TIDataConnectorDataTypesIndicators" - } - } - } - } -}; - -export const TiTaxiiDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes", - modelProperties: { - taxiiClient: { - serializedName: "taxiiClient", - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypesTaxiiClient" - } - } - } - } -}; - -export const CodelessUiConnectorConfigProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties", - modelProperties: { - title: { - serializedName: "title", - required: true, - type: { - name: "String" - } - }, - publisher: { - serializedName: "publisher", - required: true, - type: { - name: "String" - } - }, - descriptionMarkdown: { - serializedName: "descriptionMarkdown", - required: true, - type: { - name: "String" - } - }, - customImage: { - serializedName: "customImage", - type: { - name: "String" - } - }, - graphQueriesTableName: { - serializedName: "graphQueriesTableName", - required: true, - type: { - name: "String" - } - }, - graphQueries: { - serializedName: "graphQueries", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem" - } - } - } - }, - sampleQueries: { - serializedName: "sampleQueries", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem" - } - } - } - }, - dataTypes: { - serializedName: "dataTypes", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesDataTypesItem" - } - } - } - }, - connectivityCriteria: { - serializedName: "connectivityCriteria", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem" - } - } - } - }, - availability: { - serializedName: "availability", - type: { - name: "Composite", - className: "Availability" - } - }, - permissions: { - serializedName: "permissions", - type: { - name: "Composite", - className: "Permissions" - } - }, - instructionSteps: { - serializedName: "instructionSteps", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "CodelessUiConnectorConfigPropertiesInstructionStepsItem" - } - } - } - } - } - } -}; - -export const GraphQueries: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GraphQueries", - modelProperties: { - metricName: { - serializedName: "metricName", - type: { - name: "String" - } - }, - legend: { - serializedName: "legend", - type: { - name: "String" - } - }, - baseQuery: { - serializedName: "baseQuery", - type: { - name: "String" - } - } - } - } -}; - -export const SampleQueries: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SampleQueries", - modelProperties: { - description: { - serializedName: "description", - type: { - name: "String" - } - }, - query: { - serializedName: "query", - type: { - name: "String" - } - } - } - } -}; - -export const LastDataReceivedDataType: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "LastDataReceivedDataType", - modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - lastDataReceivedQuery: { - serializedName: "lastDataReceivedQuery", - type: { - name: "String" - } - } - } - } -}; - -export const ConnectivityCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ConnectivityCriteria", - modelProperties: { - type: { - serializedName: "type", - type: { - name: "String" - } - }, - value: { - serializedName: "value", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const Availability: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Availability", - modelProperties: { - status: { - defaultValue: 1, - isConstant: true, - serializedName: "status", - type: { - name: "Number" - } - }, - isPreview: { - serializedName: "isPreview", - type: { - name: "Boolean" - } - } - } - } -}; - -export const Permissions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Permissions", - modelProperties: { - resourceProvider: { - serializedName: "resourceProvider", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "PermissionsResourceProviderItem" - } - } - } - }, - customs: { - serializedName: "customs", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "PermissionsCustomsItem" - } - } - } - } - } - } -}; - -export const ResourceProvider: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ResourceProvider", - modelProperties: { - provider: { - serializedName: "provider", - type: { - name: "String" - } - }, - permissionsDisplayText: { - serializedName: "permissionsDisplayText", - type: { - name: "String" - } - }, - providerDisplayName: { - serializedName: "providerDisplayName", - type: { - name: "String" - } - }, - scope: { - serializedName: "scope", - type: { - name: "String" - } - }, - requiredPermissions: { - serializedName: "requiredPermissions", - type: { - name: "Composite", - className: "RequiredPermissions" - } - } - } - } -}; - -export const RequiredPermissions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RequiredPermissions", - modelProperties: { - action: { - serializedName: "action", - type: { - name: "Boolean" - } - }, - write: { - serializedName: "write", - type: { - name: "Boolean" - } - }, - read: { - serializedName: "read", - type: { - name: "Boolean" - } - }, - delete: { - serializedName: "delete", - type: { - name: "Boolean" - } - } - } - } -}; - -export const CustomsPermission: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CustomsPermission", - modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - } - } - } -}; - -export const InstructionSteps: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InstructionSteps", - modelProperties: { - title: { - serializedName: "title", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - instructions: { - serializedName: "instructions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "InstructionStepsInstructionsItem" - } - } - } - } - } - } -}; - -export const ConnectorInstructionModelBase: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ConnectorInstructionModelBase", - modelProperties: { - parameters: { - serializedName: "parameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - type: { - serializedName: "type", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingConfigProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingConfigProperties", - modelProperties: { - isActive: { - serializedName: "isActive", - type: { - name: "Boolean" - } - }, - auth: { - serializedName: "auth", - type: { - name: "Composite", - className: "CodelessConnectorPollingAuthProperties" - } - }, - request: { - serializedName: "request", - type: { - name: "Composite", - className: "CodelessConnectorPollingRequestProperties" - } - }, - paging: { - serializedName: "paging", - type: { - name: "Composite", - className: "CodelessConnectorPollingPagingProperties" - } - }, - response: { - serializedName: "response", - type: { - name: "Composite", - className: "CodelessConnectorPollingResponseProperties" - } - } - } - } -}; - -export const CodelessConnectorPollingAuthProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingAuthProperties", - modelProperties: { - authType: { - serializedName: "authType", - required: true, - type: { - name: "String" - } - }, - apiKeyName: { - serializedName: "apiKeyName", - type: { - name: "String" - } - }, - apiKeyIdentifier: { - serializedName: "apiKeyIdentifier", - type: { - name: "String" - } - }, - isApiKeyInPostPayload: { - serializedName: "isApiKeyInPostPayload", - type: { - name: "String" - } - }, - flowName: { - serializedName: "flowName", - type: { - name: "String" - } - }, - tokenEndpoint: { - serializedName: "tokenEndpoint", - type: { - name: "String" - } - }, - authorizationEndpoint: { - serializedName: "authorizationEndpoint", - type: { - name: "String" - } - }, - authorizationEndpointQueryParameters: { - serializedName: "authorizationEndpointQueryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - redirectionEndpoint: { - serializedName: "redirectionEndpoint", - type: { - name: "String" - } - }, - tokenEndpointHeaders: { - serializedName: "tokenEndpointHeaders", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - tokenEndpointQueryParameters: { - serializedName: "tokenEndpointQueryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - isClientSecretInHeader: { - serializedName: "isClientSecretInHeader", - type: { - name: "Boolean" - } - }, - scope: { - serializedName: "scope", - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingRequestProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingRequestProperties", - modelProperties: { - apiEndpoint: { - serializedName: "apiEndpoint", - required: true, - type: { - name: "String" - } - }, - rateLimitQps: { - serializedName: "rateLimitQps", - type: { - name: "Number" - } - }, - queryWindowInMin: { - serializedName: "queryWindowInMin", - required: true, - type: { - name: "Number" - } - }, - httpMethod: { - serializedName: "httpMethod", - required: true, - type: { - name: "String" - } - }, - queryTimeFormat: { - serializedName: "queryTimeFormat", - required: true, - type: { - name: "String" - } - }, - retryCount: { - serializedName: "retryCount", - type: { - name: "Number" - } - }, - timeoutInSeconds: { - serializedName: "timeoutInSeconds", - type: { - name: "Number" - } - }, - headers: { - serializedName: "headers", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - queryParameters: { - serializedName: "queryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - queryParametersTemplate: { - serializedName: "queryParametersTemplate", - type: { - name: "String" - } - }, - startTimeAttributeName: { - serializedName: "startTimeAttributeName", - type: { - name: "String" - } - }, - endTimeAttributeName: { - serializedName: "endTimeAttributeName", - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingPagingProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingPagingProperties", - modelProperties: { - pagingType: { - serializedName: "pagingType", - required: true, - type: { - name: "String" - } - }, - nextPageParaName: { - serializedName: "nextPageParaName", - type: { - name: "String" - } - }, - nextPageTokenJsonPath: { - serializedName: "nextPageTokenJsonPath", - type: { - name: "String" - } - }, - pageCountAttributePath: { - serializedName: "pageCountAttributePath", - type: { - name: "String" - } - }, - pageTotalCountAttributePath: { - serializedName: "pageTotalCountAttributePath", - type: { - name: "String" - } - }, - pageTimeStampAttributePath: { - serializedName: "pageTimeStampAttributePath", - type: { - name: "String" - } - }, - searchTheLatestTimeStampFromEventsList: { - serializedName: "searchTheLatestTimeStampFromEventsList", - type: { - name: "String" - } - }, - pageSizeParaName: { - serializedName: "pageSizeParaName", - type: { - name: "String" - } - }, - pageSize: { - serializedName: "pageSize", - type: { - name: "Number" - } - } - } - } -}; - -export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingResponseProperties", - modelProperties: { - eventsJsonPaths: { - serializedName: "eventsJsonPaths", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - successStatusJsonPath: { - serializedName: "successStatusJsonPath", - type: { - name: "String" - } - }, - successStatusValue: { - serializedName: "successStatusValue", - type: { - name: "String" - } - }, - isGzipCompressed: { - serializedName: "isGzipCompressed", - type: { - name: "Boolean" - } - } - } - } -}; - -export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - summarizeBy: { - serializedName: "summarizeBy", - type: { - name: "String" - } - } - } - } -}; - -export const DataTypeDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataTypeDefinitions", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligence: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligence", - modelProperties: { - confidence: { - serializedName: "confidence", - readOnly: true, - type: { - name: "Number" - } - }, - providerName: { - serializedName: "providerName", - readOnly: true, - type: { - name: "String" - } - }, - reportLink: { - serializedName: "reportLink", - readOnly: true, - type: { - name: "String" - } - }, - threatDescription: { - serializedName: "threatDescription", - readOnly: true, - type: { - name: "String" - } - }, - threatName: { - serializedName: "threatName", - readOnly: true, - type: { - name: "String" - } - }, - threatType: { - serializedName: "threatType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const GeoLocation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GeoLocation", - modelProperties: { - asn: { - serializedName: "asn", - readOnly: true, - type: { - name: "Number" - } - }, - city: { - serializedName: "city", - readOnly: true, - type: { - name: "String" - } - }, - countryCode: { - serializedName: "countryCode", - readOnly: true, - type: { - name: "String" - } - }, - countryName: { - serializedName: "countryName", - readOnly: true, - type: { - name: "String" - } - }, - latitude: { - serializedName: "latitude", - readOnly: true, - type: { - name: "Number" - } - }, - longitude: { - serializedName: "longitude", - readOnly: true, - type: { - name: "Number" - } - }, - state: { - serializedName: "state", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const ResourceWithEtag: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ResourceWithEtag", - modelProperties: { - ...Resource.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - } - } - } -}; - -export const AlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "AlertRuleTemplate", - type: { - name: "Composite", - className: "AlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Entity: coreClient.CompositeMapper = { - serializedName: "Entity", - type: { - name: "Composite", - className: "Entity", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const OfficeConsent: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeConsent", - modelProperties: { - ...Resource.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - consentId: { - serializedName: "properties.consentId", - type: { - name: "String" - } - } - } - } -}; - -export const EntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "EntityQueryTemplate", - type: { - name: "Composite", - className: "EntityQueryTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const ActionResponseProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionResponseProperties", - modelProperties: { - ...ActionPropertiesBase.type.modelProperties, - workflowId: { - serializedName: "workflowId", - type: { - name: "String" - } - } - } - } -}; - -export const ActionRequestProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionRequestProperties", - modelProperties: { - ...ActionPropertiesBase.type.modelProperties, - triggerUri: { - serializedName: "triggerUri", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { - serializedName: "Property", - type: { - name: "Composite", - className: "AutomationRulePropertyValuesCondition", - uberParent: "AutomationRuleCondition", - polymorphicDiscriminator: - AutomationRuleCondition.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", - type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties" - } - } - } - } -}; - -export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { - serializedName: "RunPlaybook", - type: { - name: "Composite", - className: "AutomationRuleRunPlaybookAction", - uberParent: "AutomationRuleAction", - polymorphicDiscriminator: - AutomationRuleAction.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", - type: { - name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration" - } - } - } - } -}; - -export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { - serializedName: "ModifyProperties", - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesAction", - uberParent: "AutomationRuleAction", - polymorphicDiscriminator: - AutomationRuleAction.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration" - } - } - } - } -}; - -export const ActivityTimelineItem: coreClient.CompositeMapper = { - serializedName: "Activity", - type: { - name: "Composite", - className: "ActivityTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - queryId: { - serializedName: "queryId", - required: true, - type: { - name: "String" - } - }, - bucketStartTimeUTC: { - serializedName: "bucketStartTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - bucketEndTimeUTC: { - serializedName: "bucketEndTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - firstActivityTimeUTC: { - serializedName: "firstActivityTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - lastActivityTimeUTC: { - serializedName: "lastActivityTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - content: { - serializedName: "content", - required: true, - type: { - name: "String" - } - }, - title: { - serializedName: "title", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const BookmarkTimelineItem: coreClient.CompositeMapper = { - serializedName: "Bookmark", - type: { - name: "Composite", - className: "BookmarkTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - azureResourceId: { - serializedName: "azureResourceId", - required: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - notes: { - serializedName: "notes", - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - type: { - name: "DateTime" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - type: { - name: "DateTime" - } - }, - eventTime: { - serializedName: "eventTime", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const SecurityAlertTimelineItem: coreClient.CompositeMapper = { - serializedName: "SecurityAlert", - type: { - name: "Composite", - className: "SecurityAlertTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - azureResourceId: { - serializedName: "azureResourceId", - required: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "productName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - timeGenerated: { - serializedName: "timeGenerated", - required: true, - type: { - name: "DateTime" - } - }, - alertType: { - serializedName: "alertType", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItem: coreClient.CompositeMapper = { - serializedName: "Insight", - type: { - name: "Composite", - className: "InsightQueryItem", - uberParent: "EntityQueryItem", - polymorphicDiscriminator: EntityQueryItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityQueryItem.type.modelProperties, - properties: { - serializedName: "properties", - type: { - name: "Composite", - className: "InsightQueryItemProperties" - } - } - } - } -}; - -export const SecurityAlertProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SecurityAlertProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - alertDisplayName: { - serializedName: "alertDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - alertType: { - serializedName: "alertType", - readOnly: true, - type: { - name: "String" - } - }, - compromisedEntity: { - serializedName: "compromisedEntity", - readOnly: true, - type: { - name: "String" - } - }, - confidenceLevel: { - serializedName: "confidenceLevel", - readOnly: true, - type: { - name: "String" - } - }, - confidenceReasons: { - serializedName: "confidenceReasons", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem" - } - } - } - }, - confidenceScore: { - serializedName: "confidenceScore", - readOnly: true, - type: { - name: "Number" - } - }, - confidenceScoreStatus: { - serializedName: "confidenceScoreStatus", - readOnly: true, - type: { - name: "String" - } - }, - description: { - serializedName: "description", - readOnly: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - intent: { - serializedName: "intent", - readOnly: true, - type: { - name: "String" - } - }, - providerAlertId: { - serializedName: "providerAlertId", - readOnly: true, - type: { - name: "String" - } - }, - processingEndTime: { - serializedName: "processingEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - productComponentName: { - serializedName: "productComponentName", - readOnly: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "productName", - readOnly: true, - type: { - name: "String" - } - }, - productVersion: { - serializedName: "productVersion", - readOnly: true, - type: { - name: "String" - } - }, - remediationSteps: { - serializedName: "remediationSteps", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - status: { - serializedName: "status", - readOnly: true, - type: { - name: "String" - } - }, - systemAlertId: { - serializedName: "systemAlertId", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - timeGenerated: { - serializedName: "timeGenerated", - readOnly: true, - type: { - name: "DateTime" - } - }, - vendorName: { - serializedName: "vendorName", - readOnly: true, - type: { - name: "String" - } - }, - alertLink: { - serializedName: "alertLink", - readOnly: true, - type: { - name: "String" - } - }, - resourceIdentifiers: { - serializedName: "resourceIdentifiers", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } - } - } -}; - -export const HuntingBookmarkProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "HuntingBookmarkProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - created: { - serializedName: "created", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - eventTime: { - serializedName: "eventTime", - type: { - name: "DateTime" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - notes: { - serializedName: "notes", - type: { - name: "String" - } - }, - query: { - serializedName: "query", - required: true, - type: { - name: "String" - } - }, - queryResult: { - serializedName: "queryResult", - type: { - name: "String" - } - }, - updated: { - serializedName: "updated", - type: { - name: "DateTime" - } - }, - updatedBy: { - serializedName: "updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - incidentInfo: { - serializedName: "incidentInfo", - type: { - name: "Composite", - className: "IncidentInfo" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - threatIntelligenceTags: { - serializedName: "threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "source", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - indicatorTypes: { - serializedName: "indicatorTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - pattern: { - serializedName: "pattern", - type: { - name: "String" - } - }, - patternType: { - serializedName: "patternType", - type: { - name: "String" - } - }, - patternVersion: { - serializedName: "patternVersion", - type: { - name: "String" - } - }, - killChainPhases: { - serializedName: "killChainPhases", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase" - } - } - } - }, - parsedPattern: { - serializedName: "parsedPattern", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern" - } - } - } - }, - externalId: { - serializedName: "externalId", - type: { - name: "String" - } - }, - createdByRef: { - serializedName: "createdByRef", - type: { - name: "String" - } - }, - defanged: { - serializedName: "defanged", - type: { - name: "Boolean" - } - }, - externalLastUpdatedTimeUtc: { - serializedName: "externalLastUpdatedTimeUtc", - type: { - name: "String" - } - }, - externalReferences: { - serializedName: "externalReferences", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference" - } - } - } - }, - granularMarkings: { - serializedName: "granularMarkings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel" - } - } - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - revoked: { - serializedName: "revoked", - type: { - name: "Boolean" - } - }, - confidence: { - serializedName: "confidence", - type: { - name: "Number" - } - }, - objectMarkingRefs: { - serializedName: "objectMarkingRefs", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - language: { - serializedName: "language", - type: { - name: "String" - } - }, - threatTypes: { - serializedName: "threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - validFrom: { - serializedName: "validFrom", - type: { - name: "String" - } - }, - validUntil: { - serializedName: "validUntil", - type: { - name: "String" - } - }, - created: { - serializedName: "created", - type: { - name: "String" - } - }, - modified: { - serializedName: "modified", - type: { - name: "String" - } - }, - extensions: { - serializedName: "extensions", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const AccountEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AccountEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - aadTenantId: { - serializedName: "aadTenantId", - readOnly: true, - type: { - name: "String" - } - }, - aadUserId: { - serializedName: "aadUserId", - readOnly: true, - type: { - name: "String" - } - }, - accountName: { - serializedName: "accountName", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - ntDomain: { - serializedName: "ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - puid: { - serializedName: "puid", - readOnly: true, - type: { - name: "String" - } - }, - sid: { - serializedName: "sid", - readOnly: true, - type: { - name: "String" - } - }, - upnSuffix: { - serializedName: "upnSuffix", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "dnsDomain", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const AzureResourceEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AzureResourceEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - resourceId: { - serializedName: "resourceId", - readOnly: true, - type: { - name: "String" - } - }, - subscriptionId: { - serializedName: "subscriptionId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const CloudApplicationEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CloudApplicationEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - appId: { - serializedName: "appId", - readOnly: true, - type: { - name: "Number" - } - }, - appName: { - serializedName: "appName", - readOnly: true, - type: { - name: "String" - } - }, - instanceName: { - serializedName: "instanceName", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const DnsEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DnsEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - dnsServerIpEntityId: { - serializedName: "dnsServerIpEntityId", - readOnly: true, - type: { - name: "String" - } - }, - domainName: { - serializedName: "domainName", - readOnly: true, - type: { - name: "String" - } - }, - hostIpAddressEntityId: { - serializedName: "hostIpAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityIds: { - serializedName: "ipAddressEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FileEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FileEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - directory: { - serializedName: "directory", - readOnly: true, - type: { - name: "String" - } - }, - fileHashEntityIds: { - serializedName: "fileHashEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - fileName: { - serializedName: "fileName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const FileHashEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FileHashEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - algorithm: { - serializedName: "algorithm", - readOnly: true, - type: { - name: "String" - } - }, - hashValue: { - serializedName: "hashValue", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const HostEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "HostEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - azureID: { - serializedName: "azureID", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "dnsDomain", - readOnly: true, - type: { - name: "String" - } - }, - hostName: { - serializedName: "hostName", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - netBiosName: { - serializedName: "netBiosName", - readOnly: true, - type: { - name: "String" - } - }, - ntDomain: { - serializedName: "ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - omsAgentID: { - serializedName: "omsAgentID", - readOnly: true, - type: { - name: "String" - } - }, - osFamily: { - serializedName: "osFamily", - type: { - name: "Enum", - allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] - } - }, - osVersion: { - serializedName: "osVersion", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const IoTDeviceEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IoTDeviceEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - deviceId: { - serializedName: "deviceId", - readOnly: true, - type: { - name: "String" - } - }, - deviceName: { - serializedName: "deviceName", - readOnly: true, - type: { - name: "String" - } - }, - source: { - serializedName: "source", - readOnly: true, - type: { - name: "String" - } - }, - iotSecurityAgentId: { - serializedName: "iotSecurityAgentId", - readOnly: true, - type: { - name: "Uuid" - } - }, - deviceType: { - serializedName: "deviceType", - readOnly: true, - type: { - name: "String" - } - }, - vendor: { - serializedName: "vendor", - readOnly: true, - type: { - name: "String" - } - }, - edgeId: { - serializedName: "edgeId", - readOnly: true, - type: { - name: "String" - } - }, - macAddress: { - serializedName: "macAddress", - readOnly: true, - type: { - name: "String" - } - }, - model: { - serializedName: "model", - readOnly: true, - type: { - name: "String" - } - }, - serialNumber: { - serializedName: "serialNumber", - readOnly: true, - type: { - name: "String" - } - }, - firmwareVersion: { - serializedName: "firmwareVersion", - readOnly: true, - type: { - name: "String" - } - }, - operatingSystem: { - serializedName: "operatingSystem", - readOnly: true, - type: { - name: "String" - } - }, - iotHubEntityId: { - serializedName: "iotHubEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityId: { - serializedName: "ipAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligence: { - serializedName: "threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - }, - protocols: { - serializedName: "protocols", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const IpEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IpEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - address: { - serializedName: "address", - readOnly: true, - type: { - name: "String" - } - }, - location: { - serializedName: "location", - type: { - name: "Composite", - className: "GeoLocation" - } - }, - threatIntelligence: { - serializedName: "threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - } - } - } -}; - -export const MailboxEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailboxEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - mailboxPrimaryAddress: { - serializedName: "mailboxPrimaryAddress", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - readOnly: true, - type: { - name: "String" - } - }, - upn: { - serializedName: "upn", - readOnly: true, - type: { - name: "String" - } - }, - externalDirectoryObjectId: { - serializedName: "externalDirectoryObjectId", - readOnly: true, - type: { - name: "Uuid" - } - } - } - } -}; - -export const MailClusterEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailClusterEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - networkMessageIds: { - serializedName: "networkMessageIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - countByDeliveryStatus: { - serializedName: "countByDeliveryStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByThreatType: { - serializedName: "countByThreatType", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByProtectionStatus: { - serializedName: "countByProtectionStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - threats: { - serializedName: "threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - query: { - serializedName: "query", - readOnly: true, - type: { - name: "String" - } - }, - queryTime: { - serializedName: "queryTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - mailCount: { - serializedName: "mailCount", - readOnly: true, - type: { - name: "Number" - } - }, - isVolumeAnomaly: { - serializedName: "isVolumeAnomaly", - readOnly: true, - type: { - name: "Boolean" - } - }, - source: { - serializedName: "source", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceIdentifier: { - serializedName: "clusterSourceIdentifier", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceType: { - serializedName: "clusterSourceType", - readOnly: true, - type: { - name: "String" - } - }, - clusterQueryStartTime: { - serializedName: "clusterQueryStartTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterQueryEndTime: { - serializedName: "clusterQueryEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterGroup: { - serializedName: "clusterGroup", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const MailMessageEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailMessageEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - fileEntityIds: { - serializedName: "fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - recipient: { - serializedName: "recipient", - readOnly: true, - type: { - name: "String" - } - }, - urls: { - serializedName: "urls", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threats: { - serializedName: "threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - p1Sender: { - serializedName: "p1Sender", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDisplayName: { - serializedName: "p1SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDomain: { - serializedName: "p1SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - senderIP: { - serializedName: "senderIP", - readOnly: true, - type: { - name: "String" - } - }, - p2Sender: { - serializedName: "p2Sender", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDisplayName: { - serializedName: "p2SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDomain: { - serializedName: "p2SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - receiveDate: { - serializedName: "receiveDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - networkMessageId: { - serializedName: "networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - internetMessageId: { - serializedName: "internetMessageId", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "subject", - readOnly: true, - type: { - name: "String" - } - }, - language: { - serializedName: "language", - readOnly: true, - type: { - name: "String" - } - }, - threatDetectionMethods: { - serializedName: "threatDetectionMethods", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - bodyFingerprintBin1: { - serializedName: "bodyFingerprintBin1", - type: { - name: "Number" - } - }, - bodyFingerprintBin2: { - serializedName: "bodyFingerprintBin2", - type: { - name: "Number" - } - }, - bodyFingerprintBin3: { - serializedName: "bodyFingerprintBin3", - type: { - name: "Number" - } - }, - bodyFingerprintBin4: { - serializedName: "bodyFingerprintBin4", - type: { - name: "Number" - } - }, - bodyFingerprintBin5: { - serializedName: "bodyFingerprintBin5", - type: { - name: "Number" - } - }, - antispamDirection: { - serializedName: "antispamDirection", - type: { - name: "String" - } - }, - deliveryAction: { - serializedName: "deliveryAction", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "DeliveredAsSpam", - "Delivered", - "Blocked", - "Replaced" - ] - } - }, - deliveryLocation: { - serializedName: "deliveryLocation", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "Inbox", - "JunkFolder", - "DeletedFolder", - "Quarantine", - "External", - "Failed", - "Dropped", - "Forwarded" - ] - } - } - } - } -}; - -export const MalwareEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MalwareEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - category: { - serializedName: "category", - readOnly: true, - type: { - name: "String" - } - }, - fileEntityIds: { - serializedName: "fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - malwareName: { - serializedName: "malwareName", - readOnly: true, - type: { - name: "String" - } - }, - processEntityIds: { - serializedName: "processEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ProcessEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ProcessEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - accountEntityId: { - serializedName: "accountEntityId", - readOnly: true, - type: { - name: "String" - } - }, - commandLine: { - serializedName: "commandLine", - readOnly: true, - type: { - name: "String" - } - }, - creationTimeUtc: { - serializedName: "creationTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - elevationToken: { - serializedName: "elevationToken", - type: { - name: "Enum", - allowedValues: ["Default", "Full", "Limited"] - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostLogonSessionEntityId: { - serializedName: "hostLogonSessionEntityId", - readOnly: true, - type: { - name: "String" - } - }, - imageFileEntityId: { - serializedName: "imageFileEntityId", - readOnly: true, - type: { - name: "String" - } - }, - parentProcessEntityId: { - serializedName: "parentProcessEntityId", - readOnly: true, - type: { - name: "String" - } - }, - processId: { - serializedName: "processId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryKeyEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RegistryKeyEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - hive: { - serializedName: "hive", - readOnly: true, - type: { - name: "String" - } - }, - key: { - serializedName: "key", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryValueEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RegistryValueEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - keyEntityId: { - serializedName: "keyEntityId", - readOnly: true, - type: { - name: "String" - } - }, - valueData: { - serializedName: "valueData", - readOnly: true, - type: { - name: "String" - } - }, - valueName: { - serializedName: "valueName", - readOnly: true, - type: { - name: "String" - } - }, - valueType: { - serializedName: "valueType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SecurityGroupEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SecurityGroupEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - distinguishedName: { - serializedName: "distinguishedName", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - sid: { - serializedName: "sid", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SubmissionMailEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SubmissionMailEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - networkMessageId: { - serializedName: "networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submissionId: { - serializedName: "submissionId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submitter: { - serializedName: "submitter", - readOnly: true, - type: { - name: "String" - } - }, - submissionDate: { - serializedName: "submissionDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - timestamp: { - serializedName: "timestamp", - readOnly: true, - type: { - name: "DateTime" - } - }, - recipient: { - serializedName: "recipient", - readOnly: true, - type: { - name: "String" - } - }, - sender: { - serializedName: "sender", - readOnly: true, - type: { - name: "String" - } - }, - senderIp: { - serializedName: "senderIp", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "subject", - readOnly: true, - type: { - name: "String" - } - }, - reportType: { - serializedName: "reportType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const UrlEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "UrlEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - url: { - serializedName: "url", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const AADCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", - type: { - name: "Composite", - className: "AADCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const AatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ASCCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const AwsS3CheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const McasCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MdatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MstiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MtpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MtpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TICheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { - serializedName: "indicator", - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorModelForRequestBody", - modelProperties: { - ...ThreatIntelligenceResourceKind.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - }, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligenceTags: { - serializedName: "properties.threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "properties.lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - indicatorTypes: { - serializedName: "properties.indicatorTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - pattern: { - serializedName: "properties.pattern", - type: { - name: "String" - } - }, - patternType: { - serializedName: "properties.patternType", - type: { - name: "String" - } - }, - patternVersion: { - serializedName: "properties.patternVersion", - type: { - name: "String" - } - }, - killChainPhases: { - serializedName: "properties.killChainPhases", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase" - } - } - } - }, - parsedPattern: { - serializedName: "properties.parsedPattern", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern" - } - } - } - }, - externalId: { - serializedName: "properties.externalId", - type: { - name: "String" - } - }, - createdByRef: { - serializedName: "properties.createdByRef", - type: { - name: "String" - } - }, - defanged: { - serializedName: "properties.defanged", - type: { - name: "Boolean" - } - }, - externalLastUpdatedTimeUtc: { - serializedName: "properties.externalLastUpdatedTimeUtc", - type: { - name: "String" - } - }, - externalReferences: { - serializedName: "properties.externalReferences", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference" - } - } - } - }, - granularMarkings: { - serializedName: "properties.granularMarkings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel" - } - } - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - revoked: { - serializedName: "properties.revoked", - type: { - name: "Boolean" - } - }, - confidence: { - serializedName: "properties.confidence", - type: { - name: "Number" - } - }, - objectMarkingRefs: { - serializedName: "properties.objectMarkingRefs", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - language: { - serializedName: "properties.language", - type: { - name: "String" - } - }, - threatTypes: { - serializedName: "properties.threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - validFrom: { - serializedName: "properties.validFrom", - type: { - name: "String" - } - }, - validUntil: { - serializedName: "properties.validUntil", - type: { - name: "String" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "String" - } - }, - modified: { - serializedName: "properties.modified", - type: { - name: "String" - } - }, - extensions: { - serializedName: "properties.extensions", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceInformation", - type: { - name: "Composite", - className: "ThreatIntelligenceInformation", - uberParent: "ThreatIntelligenceResourceKind", - polymorphicDiscriminator: - ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - ...ThreatIntelligenceResourceKind.type.modelProperties - } - } -}; - -export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type - .modelProperties - } - } -}; - -export const ScheduledAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...QueryBasedAlertRuleTemplateProperties.type.modelProperties, - ...ScheduledAlertRuleCommonProperties.type.modelProperties - } - } -}; - -export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "NrtAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...QueryBasedAlertRuleTemplateProperties.type.modelProperties - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleProperties", - modelProperties: { - ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type - .modelProperties, - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - } - } - } -}; - -export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleProperties", - modelProperties: { - ...ScheduledAlertRuleCommonProperties.type.modelProperties, - ...QueryBasedAlertRuleProperties.type.modelProperties - } - } -}; - -export const NrtAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "NrtAlertRuleProperties", - modelProperties: { - ...QueryBasedAlertRuleProperties.type.modelProperties - } - } -}; - -export const InsightQueryItemProperties: coreClient.CompositeMapper = { - serializedName: "Insight", - type: { - name: "Composite", - className: "InsightQueryItemProperties", - modelProperties: { - ...EntityQueryItemProperties.type.modelProperties, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - baseQuery: { - serializedName: "baseQuery", - type: { - name: "String" - } - }, - tableQuery: { - serializedName: "tableQuery", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQuery" - } - }, - chartQuery: { - serializedName: "chartQuery", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - additionalQuery: { - serializedName: "additionalQuery", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesAdditionalQuery" - } - }, - defaultTimeRange: { - serializedName: "defaultTimeRange", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesDefaultTimeRange" - } - }, - referenceTimeRange: { - serializedName: "referenceTimeRange", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesReferenceTimeRange" - } - } - } - } -}; - -export const AADCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AADCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const AatpCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AatpCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365CheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const McasCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MdatpCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MdatpCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MstiCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MTPCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const OfficeATPCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeATPCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeIRMCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const TICheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TICheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const TiTaxiiCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const AADDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AADDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const MstiDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "MstiDataConnectorDataTypes" - } - } - } - } -}; - -export const MTPDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "MTPDataConnectorDataTypes" - } - } - } - } -}; - -export const AatpDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AatpDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const McasDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "McasDataConnectorDataTypes" - } - } - } - } -}; - -export const Dynamics365DataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypes" - } - } - } - } -}; - -export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeATPDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeIRMDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const MdatpDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MdatpDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const OfficeDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes" - } - } - } - } -}; - -export const TIDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - tipLookbackPeriod: { - serializedName: "tipLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "TIDataConnectorDataTypes" - } - } - } - } -}; - -export const TiTaxiiDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - workspaceId: { - serializedName: "workspaceId", - type: { - name: "String" - } - }, - friendlyName: { - serializedName: "friendlyName", - type: { - name: "String" - } - }, - taxiiServer: { - serializedName: "taxiiServer", - type: { - name: "String" - } - }, - collectionId: { - serializedName: "collectionId", - type: { - name: "String" - } - }, - userName: { - serializedName: "userName", - type: { - name: "String" - } - }, - password: { - serializedName: "password", - type: { - name: "String" - } - }, - taxiiLookbackPeriod: { - serializedName: "taxiiLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - pollingFrequency: { - serializedName: "pollingFrequency", - required: true, - nullable: true, - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes" - } - } - } - } -}; - -export const ASCDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ASCDataConnectorProperties", - modelProperties: { - ...DataConnectorWithAlertsProperties.type.modelProperties, - subscriptionId: { - serializedName: "subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const McasDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasDataConnectorDataTypes", - modelProperties: { - ...AlertsDataTypeOfDataConnector.type.modelProperties, - discoveryLogs: { - serializedName: "discoveryLogs", - type: { - name: "Composite", - className: "DataConnectorDataTypeCommon" - } - } - } - } -}; - -export const MstiDataConnectorDataTypesBingSafetyPhishingURL: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesBingSafetyPhishingURL", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties, - lookbackPeriod: { - serializedName: "lookbackPeriod", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties, - lookbackPeriod: { - serializedName: "lookbackPeriod", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MTPDataConnectorDataTypesIncidents: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPDataConnectorDataTypesIncidents", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const AwsS3DataConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesExchange", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesSharePoint: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesSharePoint", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesTeams: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesTeams", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const TIDataConnectorDataTypesIndicators: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorDataTypesIndicators", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const TiTaxiiDataConnectorDataTypesTaxiiClient: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypesTaxiiClient", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesGraphQueriesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem", - modelProperties: { - ...GraphQueries.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesSampleQueriesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem", - modelProperties: { - ...SampleQueries.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesDataTypesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesDataTypesItem", - modelProperties: { - ...LastDataReceivedDataType.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem", - modelProperties: { - ...ConnectivityCriteria.type.modelProperties - } - } -}; - -export const PermissionsResourceProviderItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "PermissionsResourceProviderItem", - modelProperties: { - ...ResourceProvider.type.modelProperties - } - } -}; - -export const Customs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Customs", - modelProperties: { - ...CustomsPermission.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesInstructionStepsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesInstructionStepsItem", - modelProperties: { - ...InstructionSteps.type.modelProperties - } - } -}; - -export const InstructionStepsInstructionsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InstructionStepsInstructionsItem", - modelProperties: { - ...ConnectorInstructionModelBase.type.modelProperties - } - } -}; - -export const AlertRule: coreClient.CompositeMapper = { - serializedName: "AlertRule", - type: { - name: "Composite", - className: "AlertRule", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const ActionResponse: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionResponse", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - logicAppResourceId: { - serializedName: "properties.logicAppResourceId", - type: { - name: "String" - } - }, - workflowId: { - serializedName: "properties.workflowId", - type: { - name: "String" - } - } - } - } -}; - -export const ActionRequest: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionRequest", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - logicAppResourceId: { - serializedName: "properties.logicAppResourceId", - type: { - name: "String" - } - }, - triggerUri: { - serializedName: "properties.triggerUri", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRule: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRule", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - order: { - serializedName: "properties.order", - type: { - name: "Number" - } - }, - triggeringLogic: { - serializedName: "properties.triggeringLogic", - type: { - name: "Composite", - className: "AutomationRuleTriggeringLogic" - } - }, - actions: { - serializedName: "properties.actions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRuleAction" - } - } - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "ClientInfo" - } - }, - lastModifiedBy: { - serializedName: "properties.lastModifiedBy", - type: { - name: "Composite", - className: "ClientInfo" - } - } - } - } -}; - -export const Bookmark: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Bookmark", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - notes: { - serializedName: "properties.notes", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - queryResult: { - serializedName: "properties.queryResult", - type: { - name: "String" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - eventTime: { - serializedName: "properties.eventTime", - type: { - name: "DateTime" - } - }, - queryStartTime: { - serializedName: "properties.queryStartTime", - type: { - name: "DateTime" - } - }, - queryEndTime: { - serializedName: "properties.queryEndTime", - type: { - name: "DateTime" - } - }, - incidentInfo: { - serializedName: "properties.incidentInfo", - type: { - name: "Composite", - className: "IncidentInfo" - } - } - } - } -}; - -export const Relation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Relation", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - relatedResourceId: { - serializedName: "properties.relatedResourceId", - type: { - name: "String" - } - }, - relatedResourceName: { - serializedName: "properties.relatedResourceName", - readOnly: true, - type: { - name: "String" - } - }, - relatedResourceType: { - serializedName: "properties.relatedResourceType", - readOnly: true, - type: { - name: "String" - } - }, - relatedResourceKind: { - serializedName: "properties.relatedResourceKind", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const EntityQuery: coreClient.CompositeMapper = { - serializedName: "EntityQuery", - type: { - name: "Composite", - className: "EntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const CustomEntityQuery: coreClient.CompositeMapper = { - serializedName: "CustomEntityQuery", - type: { - name: "Composite", - className: "CustomEntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Incident: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Incident", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - type: { - name: "Composite", - className: "IncidentAdditionalData" - } - }, - classification: { - serializedName: "properties.classification", - type: { - name: "String" - } - }, - classificationComment: { - serializedName: "properties.classificationComment", - type: { - name: "String" - } - }, - classificationReason: { - serializedName: "properties.classificationReason", - type: { - name: "String" - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - firstActivityTimeUtc: { - serializedName: "properties.firstActivityTimeUtc", - type: { - name: "DateTime" - } - }, - incidentUrl: { - serializedName: "properties.incidentUrl", - readOnly: true, - type: { - name: "String" - } - }, - incidentNumber: { - serializedName: "properties.incidentNumber", - readOnly: true, - type: { - name: "Number" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } - }, - providerName: { - serializedName: "properties.providerName", - type: { - name: "String" - } - }, - providerIncidentId: { - serializedName: "properties.providerIncidentId", - type: { - name: "String" - } - }, - lastActivityTimeUtc: { - serializedName: "properties.lastActivityTimeUtc", - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - owner: { - serializedName: "properties.owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - relatedAnalyticRuleIds: { - serializedName: "properties.relatedAnalyticRuleIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - teamInformation: { - serializedName: "properties.teamInformation", - type: { - name: "Composite", - className: "TeamInformation" - } - }, - title: { - serializedName: "properties.title", - type: { - name: "String" - } - } - } - } -}; - -export const IncidentComment: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentComment", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - message: { - serializedName: "properties.message", - type: { - name: "String" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "ClientInfo" - } - } - } - } -}; - -export const MetadataModel: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataModel", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - contentId: { - serializedName: "properties.contentId", - type: { - name: "String" - } - }, - parentId: { - serializedName: "properties.parentId", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - kind: { - serializedName: "properties.kind", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "Composite", - className: "MetadataSource" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "MetadataAuthor" - } - }, - support: { - serializedName: "properties.support", - type: { - name: "Composite", - className: "MetadataSupport" - } - }, - dependencies: { - serializedName: "properties.dependencies", - type: { - name: "Composite", - className: "MetadataDependencies" - } - }, - categories: { - serializedName: "properties.categories", - type: { - name: "Composite", - className: "MetadataCategories" - } - }, - providers: { - serializedName: "properties.providers", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - firstPublishDate: { - serializedName: "properties.firstPublishDate", - type: { - name: "Date" - } - }, - lastPublishDate: { - serializedName: "properties.lastPublishDate", - type: { - name: "Date" - } - } - } - } -}; - -export const MetadataPatch: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataPatch", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - contentId: { - serializedName: "properties.contentId", - type: { - name: "String" - } - }, - parentId: { - serializedName: "properties.parentId", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - kind: { - serializedName: "properties.kind", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "Composite", - className: "MetadataSource" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "MetadataAuthor" - } - }, - support: { - serializedName: "properties.support", - type: { - name: "Composite", - className: "MetadataSupport" - } - }, - dependencies: { - serializedName: "properties.dependencies", - type: { - name: "Composite", - className: "MetadataDependencies" - } - }, - categories: { - serializedName: "properties.categories", - type: { - name: "Composite", - className: "MetadataCategories" - } - }, - providers: { - serializedName: "properties.providers", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - firstPublishDate: { - serializedName: "properties.firstPublishDate", - type: { - name: "Date" - } - }, - lastPublishDate: { - serializedName: "properties.lastPublishDate", - type: { - name: "Date" - } - } - } - } -}; - -export const SentinelOnboardingState: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SentinelOnboardingState", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - customerManagedKey: { - serializedName: "properties.customerManagedKey", - type: { - name: "Boolean" - } - } - } - } -}; - -export const Settings: coreClient.CompositeMapper = { - serializedName: "Settings", - type: { - name: "Composite", - className: "Settings", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const SourceControl: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SourceControl", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - idPropertiesId: { - serializedName: "properties.id", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - repoType: { - serializedName: "properties.repoType", - type: { - name: "String" - } - }, - contentTypes: { - serializedName: "properties.contentTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - repository: { - serializedName: "properties.repository", - type: { - name: "Composite", - className: "Repository" - } - } - } - } -}; - -export const Watchlist: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Watchlist", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - watchlistId: { - serializedName: "properties.watchlistId", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - provider: { - serializedName: "properties.provider", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "String" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - watchlistType: { - serializedName: "properties.watchlistType", - type: { - name: "String" - } - }, - watchlistAlias: { - serializedName: "properties.watchlistAlias", - type: { - name: "String" - } - }, - isDeleted: { - serializedName: "properties.isDeleted", - type: { - name: "Boolean" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - defaultDuration: { - serializedName: "properties.defaultDuration", - type: { - name: "TimeSpan" - } - }, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - numberOfLinesToSkip: { - serializedName: "properties.numberOfLinesToSkip", - type: { - name: "Number" - } - }, - rawContent: { - serializedName: "properties.rawContent", - type: { - name: "String" - } - }, - itemsSearchKey: { - serializedName: "properties.itemsSearchKey", - type: { - name: "String" - } - }, - contentType: { - serializedName: "properties.contentType", - type: { - name: "String" - } - }, - uploadStatus: { - serializedName: "properties.uploadStatus", - type: { - name: "String" - } - }, - watchlistItemsCount: { - serializedName: "properties.watchlistItemsCount", - type: { - name: "Number" - } - } - } - } -}; - -export const WatchlistItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "WatchlistItem", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - watchlistItemType: { - serializedName: "properties.watchlistItemType", - type: { - name: "String" - } - }, - watchlistItemId: { - serializedName: "properties.watchlistItemId", - type: { - name: "String" - } - }, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - isDeleted: { - serializedName: "properties.isDeleted", - type: { - name: "Boolean" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - itemsKeyValue: { - serializedName: "properties.itemsKeyValue", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - entityMapping: { - serializedName: "properties.entityMapping", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const DataConnector: coreClient.CompositeMapper = { - serializedName: "DataConnector", - type: { - name: "Composite", - className: "DataConnector", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "MLBehaviorAnalytics", - type: { - name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "Fusion", - type: { - name: "Composite", - className: "FusionAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "MicrosoftSecurityIncidentCreation", - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - displayNamesFilter: { - serializedName: "properties.displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "properties.displayNamesExcludeFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - productFilter: { - serializedName: "properties.productFilter", - type: { - name: "String" - } - }, - severitiesFilter: { - serializedName: "properties.severitiesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "Scheduled", - type: { - name: "Composite", - className: "ScheduledAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - }, - queryFrequency: { - serializedName: "properties.queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "properties.queryPeriod", - type: { - name: "TimeSpan" - } - }, - triggerOperator: { - serializedName: "properties.triggerOperator", - type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] - } - }, - triggerThreshold: { - serializedName: "properties.triggerThreshold", - type: { - name: "Number" - } - }, - eventGroupingSettings: { - serializedName: "properties.eventGroupingSettings", - type: { - name: "Composite", - className: "EventGroupingSettings" - } - } - } - } -}; - -export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "NRT", - type: { - name: "Composite", - className: "NrtAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const SecurityAlert: coreClient.CompositeMapper = { - serializedName: "SecurityAlert", - type: { - name: "Composite", - className: "SecurityAlert", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - alertDisplayName: { - serializedName: "properties.alertDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - alertType: { - serializedName: "properties.alertType", - readOnly: true, - type: { - name: "String" - } - }, - compromisedEntity: { - serializedName: "properties.compromisedEntity", - readOnly: true, - type: { - name: "String" - } - }, - confidenceLevel: { - serializedName: "properties.confidenceLevel", - readOnly: true, - type: { - name: "String" - } - }, - confidenceReasons: { - serializedName: "properties.confidenceReasons", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem" - } - } - } - }, - confidenceScore: { - serializedName: "properties.confidenceScore", - readOnly: true, - type: { - name: "Number" - } - }, - confidenceScoreStatus: { - serializedName: "properties.confidenceScoreStatus", - readOnly: true, - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - readOnly: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "properties.endTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - intent: { - serializedName: "properties.intent", - readOnly: true, - type: { - name: "String" - } - }, - providerAlertId: { - serializedName: "properties.providerAlertId", - readOnly: true, - type: { - name: "String" - } - }, - processingEndTime: { - serializedName: "properties.processingEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - productComponentName: { - serializedName: "properties.productComponentName", - readOnly: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "properties.productName", - readOnly: true, - type: { - name: "String" - } - }, - productVersion: { - serializedName: "properties.productVersion", - readOnly: true, - type: { - name: "String" - } - }, - remediationSteps: { - serializedName: "properties.remediationSteps", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - startTimeUtc: { - serializedName: "properties.startTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - status: { - serializedName: "properties.status", - readOnly: true, - type: { - name: "String" - } - }, - systemAlertId: { - serializedName: "properties.systemAlertId", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - timeGenerated: { - serializedName: "properties.timeGenerated", - readOnly: true, - type: { - name: "DateTime" - } - }, - vendorName: { - serializedName: "properties.vendorName", - readOnly: true, - type: { - name: "String" - } - }, - alertLink: { - serializedName: "properties.alertLink", - readOnly: true, - type: { - name: "String" - } - }, - resourceIdentifiers: { - serializedName: "properties.resourceIdentifiers", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } - } - } -}; - -export const HuntingBookmark: coreClient.CompositeMapper = { - serializedName: "Bookmark", - type: { - name: "Composite", - className: "HuntingBookmark", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - eventTime: { - serializedName: "properties.eventTime", - type: { - name: "DateTime" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - notes: { - serializedName: "properties.notes", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - queryResult: { - serializedName: "properties.queryResult", - type: { - name: "String" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - incidentInfo: { - serializedName: "properties.incidentInfo", - type: { - name: "Composite", - className: "IncidentInfo" - } - } - } - } -}; - -export const AccountEntity: coreClient.CompositeMapper = { - serializedName: "Account", - type: { - name: "Composite", - className: "AccountEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - aadTenantId: { - serializedName: "properties.aadTenantId", - readOnly: true, - type: { - name: "String" - } - }, - aadUserId: { - serializedName: "properties.aadUserId", - readOnly: true, - type: { - name: "String" - } - }, - accountName: { - serializedName: "properties.accountName", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "properties.isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - ntDomain: { - serializedName: "properties.ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "properties.objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - puid: { - serializedName: "properties.puid", - readOnly: true, - type: { - name: "String" - } - }, - sid: { - serializedName: "properties.sid", - readOnly: true, - type: { - name: "String" - } - }, - upnSuffix: { - serializedName: "properties.upnSuffix", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "properties.dnsDomain", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const AzureResourceEntity: coreClient.CompositeMapper = { - serializedName: "AzureResource", - type: { - name: "Composite", - className: "AzureResourceEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - resourceId: { - serializedName: "properties.resourceId", - readOnly: true, - type: { - name: "String" - } - }, - subscriptionId: { - serializedName: "properties.subscriptionId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const CloudApplicationEntity: coreClient.CompositeMapper = { - serializedName: "CloudApplication", - type: { - name: "Composite", - className: "CloudApplicationEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - appId: { - serializedName: "properties.appId", - readOnly: true, - type: { - name: "Number" - } - }, - appName: { - serializedName: "properties.appName", - readOnly: true, - type: { - name: "String" - } - }, - instanceName: { - serializedName: "properties.instanceName", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const DnsEntity: coreClient.CompositeMapper = { - serializedName: "DnsResolution", - type: { - name: "Composite", - className: "DnsEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - dnsServerIpEntityId: { - serializedName: "properties.dnsServerIpEntityId", - readOnly: true, - type: { - name: "String" - } - }, - domainName: { - serializedName: "properties.domainName", - readOnly: true, - type: { - name: "String" - } - }, - hostIpAddressEntityId: { - serializedName: "properties.hostIpAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityIds: { - serializedName: "properties.ipAddressEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FileEntity: coreClient.CompositeMapper = { - serializedName: "File", - type: { - name: "Composite", - className: "FileEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - directory: { - serializedName: "properties.directory", - readOnly: true, - type: { - name: "String" - } - }, - fileHashEntityIds: { - serializedName: "properties.fileHashEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - fileName: { - serializedName: "properties.fileName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const FileHashEntity: coreClient.CompositeMapper = { - serializedName: "FileHash", - type: { - name: "Composite", - className: "FileHashEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - algorithm: { - serializedName: "properties.algorithm", - readOnly: true, - type: { - name: "String" - } - }, - hashValue: { - serializedName: "properties.hashValue", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const HostEntity: coreClient.CompositeMapper = { - serializedName: "Host", - type: { - name: "Composite", - className: "HostEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - azureID: { - serializedName: "properties.azureID", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "properties.dnsDomain", - readOnly: true, - type: { - name: "String" - } - }, - hostName: { - serializedName: "properties.hostName", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "properties.isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - netBiosName: { - serializedName: "properties.netBiosName", - readOnly: true, - type: { - name: "String" - } - }, - ntDomain: { - serializedName: "properties.ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - omsAgentID: { - serializedName: "properties.omsAgentID", - readOnly: true, - type: { - name: "String" - } - }, - osFamily: { - serializedName: "properties.osFamily", - type: { - name: "Enum", - allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] - } - }, - osVersion: { - serializedName: "properties.osVersion", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const IoTDeviceEntity: coreClient.CompositeMapper = { - serializedName: "IoTDevice", - type: { - name: "Composite", - className: "IoTDeviceEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - deviceId: { - serializedName: "properties.deviceId", - readOnly: true, - type: { - name: "String" - } - }, - deviceName: { - serializedName: "properties.deviceName", - readOnly: true, - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - readOnly: true, - type: { - name: "String" - } - }, - iotSecurityAgentId: { - serializedName: "properties.iotSecurityAgentId", - readOnly: true, - type: { - name: "Uuid" - } - }, - deviceType: { - serializedName: "properties.deviceType", - readOnly: true, - type: { - name: "String" - } - }, - vendor: { - serializedName: "properties.vendor", - readOnly: true, - type: { - name: "String" - } - }, - edgeId: { - serializedName: "properties.edgeId", - readOnly: true, - type: { - name: "String" - } - }, - macAddress: { - serializedName: "properties.macAddress", - readOnly: true, - type: { - name: "String" - } - }, - model: { - serializedName: "properties.model", - readOnly: true, - type: { - name: "String" - } - }, - serialNumber: { - serializedName: "properties.serialNumber", - readOnly: true, - type: { - name: "String" - } - }, - firmwareVersion: { - serializedName: "properties.firmwareVersion", - readOnly: true, - type: { - name: "String" - } - }, - operatingSystem: { - serializedName: "properties.operatingSystem", - readOnly: true, - type: { - name: "String" - } - }, - iotHubEntityId: { - serializedName: "properties.iotHubEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityId: { - serializedName: "properties.ipAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligence: { - serializedName: "properties.threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - }, - protocols: { - serializedName: "properties.protocols", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const IpEntity: coreClient.CompositeMapper = { - serializedName: "Ip", - type: { - name: "Composite", - className: "IpEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - address: { - serializedName: "properties.address", - readOnly: true, - type: { - name: "String" - } - }, - location: { - serializedName: "properties.location", - type: { - name: "Composite", - className: "GeoLocation" - } - }, - threatIntelligence: { - serializedName: "properties.threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - } - } - } -}; - -export const MailboxEntity: coreClient.CompositeMapper = { - serializedName: "Mailbox", - type: { - name: "Composite", - className: "MailboxEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - mailboxPrimaryAddress: { - serializedName: "properties.mailboxPrimaryAddress", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - readOnly: true, - type: { - name: "String" - } - }, - upn: { - serializedName: "properties.upn", - readOnly: true, - type: { - name: "String" - } - }, - externalDirectoryObjectId: { - serializedName: "properties.externalDirectoryObjectId", - readOnly: true, - type: { - name: "Uuid" - } - } - } - } -}; - -export const MailClusterEntity: coreClient.CompositeMapper = { - serializedName: "MailCluster", - type: { - name: "Composite", - className: "MailClusterEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - networkMessageIds: { - serializedName: "properties.networkMessageIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - countByDeliveryStatus: { - serializedName: "properties.countByDeliveryStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByThreatType: { - serializedName: "properties.countByThreatType", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByProtectionStatus: { - serializedName: "properties.countByProtectionStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - threats: { - serializedName: "properties.threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - query: { - serializedName: "properties.query", - readOnly: true, - type: { - name: "String" - } - }, - queryTime: { - serializedName: "properties.queryTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - mailCount: { - serializedName: "properties.mailCount", - readOnly: true, - type: { - name: "Number" - } - }, - isVolumeAnomaly: { - serializedName: "properties.isVolumeAnomaly", - readOnly: true, - type: { - name: "Boolean" - } - }, - source: { - serializedName: "properties.source", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceIdentifier: { - serializedName: "properties.clusterSourceIdentifier", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceType: { - serializedName: "properties.clusterSourceType", - readOnly: true, - type: { - name: "String" - } - }, - clusterQueryStartTime: { - serializedName: "properties.clusterQueryStartTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterQueryEndTime: { - serializedName: "properties.clusterQueryEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterGroup: { - serializedName: "properties.clusterGroup", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const MailMessageEntity: coreClient.CompositeMapper = { - serializedName: "MailMessage", - type: { - name: "Composite", - className: "MailMessageEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - fileEntityIds: { - serializedName: "properties.fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - recipient: { - serializedName: "properties.recipient", - readOnly: true, - type: { - name: "String" - } - }, - urls: { - serializedName: "properties.urls", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threats: { - serializedName: "properties.threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - p1Sender: { - serializedName: "properties.p1Sender", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDisplayName: { - serializedName: "properties.p1SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDomain: { - serializedName: "properties.p1SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - senderIP: { - serializedName: "properties.senderIP", - readOnly: true, - type: { - name: "String" - } - }, - p2Sender: { - serializedName: "properties.p2Sender", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDisplayName: { - serializedName: "properties.p2SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDomain: { - serializedName: "properties.p2SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - receiveDate: { - serializedName: "properties.receiveDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - networkMessageId: { - serializedName: "properties.networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - internetMessageId: { - serializedName: "properties.internetMessageId", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "properties.subject", - readOnly: true, - type: { - name: "String" - } - }, - language: { - serializedName: "properties.language", - readOnly: true, - type: { - name: "String" - } - }, - threatDetectionMethods: { - serializedName: "properties.threatDetectionMethods", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - bodyFingerprintBin1: { - serializedName: "properties.bodyFingerprintBin1", - type: { - name: "Number" - } - }, - bodyFingerprintBin2: { - serializedName: "properties.bodyFingerprintBin2", - type: { - name: "Number" - } - }, - bodyFingerprintBin3: { - serializedName: "properties.bodyFingerprintBin3", - type: { - name: "Number" - } - }, - bodyFingerprintBin4: { - serializedName: "properties.bodyFingerprintBin4", - type: { - name: "Number" - } - }, - bodyFingerprintBin5: { - serializedName: "properties.bodyFingerprintBin5", - type: { - name: "Number" - } - }, - antispamDirection: { - serializedName: "properties.antispamDirection", - type: { - name: "String" - } - }, - deliveryAction: { - serializedName: "properties.deliveryAction", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "DeliveredAsSpam", - "Delivered", - "Blocked", - "Replaced" - ] - } - }, - deliveryLocation: { - serializedName: "properties.deliveryLocation", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "Inbox", - "JunkFolder", - "DeletedFolder", - "Quarantine", - "External", - "Failed", - "Dropped", - "Forwarded" - ] - } - } - } - } -}; - -export const MalwareEntity: coreClient.CompositeMapper = { - serializedName: "Malware", - type: { - name: "Composite", - className: "MalwareEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - category: { - serializedName: "properties.category", - readOnly: true, - type: { - name: "String" - } - }, - fileEntityIds: { - serializedName: "properties.fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - malwareName: { - serializedName: "properties.malwareName", - readOnly: true, - type: { - name: "String" - } - }, - processEntityIds: { - serializedName: "properties.processEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ProcessEntity: coreClient.CompositeMapper = { - serializedName: "Process", - type: { - name: "Composite", - className: "ProcessEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - accountEntityId: { - serializedName: "properties.accountEntityId", - readOnly: true, - type: { - name: "String" - } - }, - commandLine: { - serializedName: "properties.commandLine", - readOnly: true, - type: { - name: "String" - } - }, - creationTimeUtc: { - serializedName: "properties.creationTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - elevationToken: { - serializedName: "properties.elevationToken", - type: { - name: "Enum", - allowedValues: ["Default", "Full", "Limited"] - } - }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostLogonSessionEntityId: { - serializedName: "properties.hostLogonSessionEntityId", - readOnly: true, - type: { - name: "String" - } - }, - imageFileEntityId: { - serializedName: "properties.imageFileEntityId", - readOnly: true, - type: { - name: "String" - } - }, - parentProcessEntityId: { - serializedName: "properties.parentProcessEntityId", - readOnly: true, - type: { - name: "String" - } - }, - processId: { - serializedName: "properties.processId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryKeyEntity: coreClient.CompositeMapper = { - serializedName: "RegistryKey", - type: { - name: "Composite", - className: "RegistryKeyEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - hive: { - serializedName: "properties.hive", - readOnly: true, - type: { - name: "String" - } - }, - key: { - serializedName: "properties.key", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryValueEntity: coreClient.CompositeMapper = { - serializedName: "RegistryValue", - type: { - name: "Composite", - className: "RegistryValueEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - keyEntityId: { - serializedName: "properties.keyEntityId", - readOnly: true, - type: { - name: "String" - } - }, - valueData: { - serializedName: "properties.valueData", - readOnly: true, - type: { - name: "String" - } - }, - valueName: { - serializedName: "properties.valueName", - readOnly: true, - type: { - name: "String" - } - }, - valueType: { - serializedName: "properties.valueType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SecurityGroupEntity: coreClient.CompositeMapper = { - serializedName: "SecurityGroup", - type: { - name: "Composite", - className: "SecurityGroupEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - distinguishedName: { - serializedName: "properties.distinguishedName", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "properties.objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - sid: { - serializedName: "properties.sid", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SubmissionMailEntity: coreClient.CompositeMapper = { - serializedName: "SubmissionMail", - type: { - name: "Composite", - className: "SubmissionMailEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - networkMessageId: { - serializedName: "properties.networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submissionId: { - serializedName: "properties.submissionId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submitter: { - serializedName: "properties.submitter", - readOnly: true, - type: { - name: "String" - } - }, - submissionDate: { - serializedName: "properties.submissionDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - timestamp: { - serializedName: "properties.timestamp", - readOnly: true, - type: { - name: "DateTime" - } - }, - recipient: { - serializedName: "properties.recipient", - readOnly: true, - type: { - name: "String" - } - }, - sender: { - serializedName: "properties.sender", - readOnly: true, - type: { - name: "String" - } - }, - senderIp: { - serializedName: "properties.senderIp", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "properties.subject", - readOnly: true, - type: { - name: "String" - } - }, - reportType: { - serializedName: "properties.reportType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const UrlEntity: coreClient.CompositeMapper = { - serializedName: "Url", - type: { - name: "Composite", - className: "UrlEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - url: { - serializedName: "properties.url", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const ActivityEntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "Activity", - type: { - name: "Composite", - className: "ActivityEntityQueryTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...EntityQueryTemplate.type.modelProperties, - title: { - serializedName: "properties.title", - type: { - name: "String" - } - }, - content: { - serializedName: "properties.content", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", - type: { - name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "DataTypeDefinitions" - } - } - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", - type: { - name: "Dictionary", - value: { - type: { name: "Sequence", element: { type: { name: "String" } } } - } - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { - serializedName: "indicator", - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorModel", - uberParent: "ThreatIntelligenceResourceKind", - polymorphicDiscriminator: - ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, - modelProperties: { - ...ThreatIntelligenceInformation.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligenceTags: { - serializedName: "properties.threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "properties.lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - indicatorTypes: { - serializedName: "properties.indicatorTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - pattern: { - serializedName: "properties.pattern", - type: { - name: "String" - } - }, - patternType: { - serializedName: "properties.patternType", - type: { - name: "String" - } - }, - patternVersion: { - serializedName: "properties.patternVersion", - type: { - name: "String" - } - }, - killChainPhases: { - serializedName: "properties.killChainPhases", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase" - } - } - } - }, - parsedPattern: { - serializedName: "properties.parsedPattern", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern" - } - } - } - }, - externalId: { - serializedName: "properties.externalId", - type: { - name: "String" - } - }, - createdByRef: { - serializedName: "properties.createdByRef", - type: { - name: "String" - } - }, - defanged: { - serializedName: "properties.defanged", - type: { - name: "Boolean" - } - }, - externalLastUpdatedTimeUtc: { - serializedName: "properties.externalLastUpdatedTimeUtc", - type: { - name: "String" - } - }, - externalReferences: { - serializedName: "properties.externalReferences", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference" - } - } - } - }, - granularMarkings: { - serializedName: "properties.granularMarkings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel" - } - } - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - revoked: { - serializedName: "properties.revoked", - type: { - name: "Boolean" - } - }, - confidence: { - serializedName: "properties.confidence", - type: { - name: "Number" - } - }, - objectMarkingRefs: { - serializedName: "properties.objectMarkingRefs", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - language: { - serializedName: "properties.language", - type: { - name: "String" - } - }, - threatTypes: { - serializedName: "properties.threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - validFrom: { - serializedName: "properties.validFrom", - type: { - name: "String" - } - }, - validUntil: { - serializedName: "properties.validUntil", - type: { - name: "String" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "String" - } - }, - modified: { - serializedName: "properties.modified", - type: { - name: "String" - } - }, - extensions: { - serializedName: "properties.extensions", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const PermissionsCustomsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "PermissionsCustomsItem", - modelProperties: { - ...Customs.type.modelProperties - } - } -}; - -export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { - serializedName: "MLBehaviorAnalytics", - type: { - name: "Composite", - className: "MLBehaviorAnalyticsAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - readOnly: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - severity: { - serializedName: "properties.severity", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FusionAlertRule: coreClient.CompositeMapper = { - serializedName: "Fusion", - type: { - name: "Composite", - className: "FusionAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - readOnly: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - severity: { - serializedName: "properties.severity", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - readOnly: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - severity: { - serializedName: "properties.severity", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMapper = { - serializedName: "MicrosoftSecurityIncidentCreation", - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - displayNamesFilter: { - serializedName: "properties.displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "properties.displayNamesExcludeFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - productFilter: { - serializedName: "properties.productFilter", - type: { - name: "String" - } - }, - severitiesFilter: { - serializedName: "properties.severitiesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - } - } - } -}; - -export const ScheduledAlertRule: coreClient.CompositeMapper = { - serializedName: "Scheduled", - type: { - name: "Composite", - className: "ScheduledAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - queryFrequency: { - serializedName: "properties.queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "properties.queryPeriod", - type: { - name: "TimeSpan" - } - }, - triggerOperator: { - serializedName: "properties.triggerOperator", - type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] - } - }, - triggerThreshold: { - serializedName: "properties.triggerThreshold", - type: { - name: "Number" - } - }, - eventGroupingSettings: { - serializedName: "properties.eventGroupingSettings", - type: { - name: "Composite", - className: "EventGroupingSettings" - } - }, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "properties.templateVersion", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - suppressionDuration: { - serializedName: "properties.suppressionDuration", - type: { - name: "TimeSpan" - } - }, - suppressionEnabled: { - serializedName: "properties.suppressionEnabled", - type: { - name: "Boolean" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - incidentConfiguration: { - serializedName: "properties.incidentConfiguration", - type: { - name: "Composite", - className: "IncidentConfiguration" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const NrtAlertRule: coreClient.CompositeMapper = { - serializedName: "NRT", - type: { - name: "Composite", - className: "NrtAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "properties.templateVersion", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - suppressionDuration: { - serializedName: "properties.suppressionDuration", - type: { - name: "TimeSpan" - } - }, - suppressionEnabled: { - serializedName: "properties.suppressionEnabled", - type: { - name: "Boolean" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - incidentConfiguration: { - serializedName: "properties.incidentConfiguration", - type: { - name: "Composite", - className: "IncidentConfiguration" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } - } - }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const ExpansionEntityQuery: coreClient.CompositeMapper = { - serializedName: "Expansion", - type: { - name: "Composite", - className: "ExpansionEntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...EntityQuery.type.modelProperties, - dataSources: { - serializedName: "properties.dataSources", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - inputFields: { - serializedName: "properties.inputFields", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - outputEntityTypes: { - serializedName: "properties.outputEntityTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - queryTemplate: { - serializedName: "properties.queryTemplate", - type: { - name: "String" - } - } - } - } -}; - -export const ActivityEntityQuery: coreClient.CompositeMapper = { - serializedName: "Activity", - type: { - name: "Composite", - className: "ActivityEntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...EntityQuery.type.modelProperties, - title: { - serializedName: "properties.title", - type: { - name: "String" - } - }, - content: { - serializedName: "properties.content", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", - type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions" - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", - type: { - name: "Dictionary", - value: { - type: { name: "Sequence", element: { type: { name: "String" } } } - } - } - }, - templateName: { - serializedName: "properties.templateName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - } - } - } -}; - -export const ActivityCustomEntityQuery: coreClient.CompositeMapper = { - serializedName: "Activity", - type: { - name: "Composite", - className: "ActivityCustomEntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...CustomEntityQuery.type.modelProperties, - title: { - serializedName: "properties.title", - type: { - name: "String" - } - }, - content: { - serializedName: "properties.content", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", - type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions" - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", - type: { - name: "Dictionary", - value: { - type: { name: "Sequence", element: { type: { name: "String" } } } - } - } - }, - templateName: { - serializedName: "properties.templateName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - } - } - } -}; - -export const Anomalies: coreClient.CompositeMapper = { - serializedName: "Anomalies", - type: { - name: "Composite", - className: "Anomalies", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - isEnabled: { - serializedName: "properties.isEnabled", - readOnly: true, - type: { - name: "Boolean" - } - } - } - } -}; - -export const EyesOn: coreClient.CompositeMapper = { - serializedName: "EyesOn", - type: { - name: "Composite", - className: "EyesOn", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - isEnabled: { - serializedName: "properties.isEnabled", - readOnly: true, - type: { - name: "Boolean" - } - } - } - } -}; - -export const EntityAnalytics: coreClient.CompositeMapper = { - serializedName: "EntityAnalytics", - type: { - name: "Composite", - className: "EntityAnalytics", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - isEnabled: { - serializedName: "properties.isEnabled", - readOnly: true, - type: { - name: "Boolean" - } - } - } - } -}; - -export const Ueba: coreClient.CompositeMapper = { - serializedName: "Ueba", - type: { - name: "Composite", - className: "Ueba", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - dataSources: { - serializedName: "properties.dataSources", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const AADDataConnector: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", - type: { - name: "Composite", - className: "AADDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const MstiDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "MstiDataConnectorDataTypes" - } - } - } - } -}; - -export const MTPDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MTPDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "MTPDataConnectorDataTypes" - } - } - } - } -}; - -export const AatpDataConnector: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const ASCDataConnector: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - }, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const AwsCloudTrailDataConnector: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - awsRoleArn: { - serializedName: "properties.awsRoleArn", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypes" - } - } - } - } -}; - -export const AwsS3DataConnector: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3DataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - destinationTable: { - serializedName: "properties.destinationTable", - type: { - name: "String" - } - }, - sqsUrls: { - serializedName: "properties.sqsUrls", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - roleArn: { - serializedName: "properties.roleArn", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypes" - } - } - } - } -}; - -export const McasDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "McasDataConnectorDataTypes" - } - } - } - } -}; - -export const Dynamics365DataConnector: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365DataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypes" - } - } - } - } -}; - -export const OfficeATPDataConnector: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const OfficeIRMDataConnector: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const MdatpDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } - } - } -}; - -export const OfficeDataConnector: coreClient.CompositeMapper = { - serializedName: "Office365", - type: { - name: "Composite", - className: "OfficeDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes" - } - } - } - } -}; - -export const TIDataConnector: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TIDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - tipLookbackPeriod: { - serializedName: "properties.tipLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "TIDataConnectorDataTypes" - } - } - } - } -}; - -export const TiTaxiiDataConnector: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - workspaceId: { - serializedName: "properties.workspaceId", - type: { - name: "String" - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - type: { - name: "String" - } - }, - taxiiServer: { - serializedName: "properties.taxiiServer", - type: { - name: "String" - } - }, - collectionId: { - serializedName: "properties.collectionId", - type: { - name: "String" - } - }, - userName: { - serializedName: "properties.userName", - type: { - name: "String" - } - }, - password: { - serializedName: "properties.password", - type: { - name: "String" - } - }, - taxiiLookbackPeriod: { - serializedName: "properties.taxiiLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - pollingFrequency: { - serializedName: "properties.pollingFrequency", - nullable: true, - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes" - } - } - } - } -}; - -export const CodelessUiDataConnector: coreClient.CompositeMapper = { - serializedName: "GenericUI", - type: { - name: "Composite", - className: "CodelessUiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - connectorUiConfig: { - serializedName: "properties.connectorUiConfig", - type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties" - } - } - } - } -}; - -export const CodelessApiPollingDataConnector: coreClient.CompositeMapper = { - serializedName: "APIPolling", - type: { - name: "Composite", - className: "CodelessApiPollingDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - connectorUiConfig: { - serializedName: "properties.connectorUiConfig", - type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties" - } - }, - pollingConfig: { - serializedName: "properties.pollingConfig", - type: { - name: "Composite", - className: "CodelessConnectorPollingConfigProperties" - } } } } }; export let discriminators = { - AutomationRuleCondition: AutomationRuleCondition, - AutomationRuleAction: AutomationRuleAction, - EntityTimelineItem: EntityTimelineItem, - EntityQueryItem: EntityQueryItem, - DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, + "ResourceWithEtag.AlertRule": AlertRule, + "ResourceWithEtag.DataConnector": DataConnector, + "ResourceWithEtag.Settings": Settings, "Resource.AlertRuleTemplate": AlertRuleTemplate, - "Resource.Entity": Entity, - "Resource.EntityQueryTemplate": EntityQueryTemplate, - "AutomationRuleCondition.Property": AutomationRulePropertyValuesCondition, - "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, - "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, - "EntityTimelineItem.Activity": ActivityTimelineItem, - "EntityTimelineItem.Bookmark": BookmarkTimelineItem, - "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, - "EntityQueryItem.Insight": InsightQueryItem, - "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, - "DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, - "DataConnectorsCheckRequirements.AzureSecurityCenter": ASCCheckRequirements, - "DataConnectorsCheckRequirements.AmazonWebServicesCloudTrail": AwsCloudTrailCheckRequirements, - "DataConnectorsCheckRequirements.AmazonWebServicesS3": AwsS3CheckRequirements, - "DataConnectorsCheckRequirements.Dynamics365": Dynamics365CheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftCloudAppSecurity": McasCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftDefenderAdvancedThreatProtection": MdatpCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftThreatIntelligence": MstiCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, - "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, - "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, - "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, - "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, - "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, - "Resource.AlertRule": AlertRule, - "Resource.EntityQuery": EntityQuery, - "Resource.CustomEntityQuery": CustomEntityQuery, - "Resource.Settings": Settings, - "Resource.DataConnector": DataConnector, - "Resource.MLBehaviorAnalytics": MLBehaviorAnalyticsAlertRule, - "Resource.Fusion": FusionAlertRule, - "Resource.ThreatIntelligence": TIDataConnector, - "Resource.MicrosoftSecurityIncidentCreation": MicrosoftSecurityIncidentCreationAlertRule, - "Resource.Scheduled": ScheduledAlertRule, - "Resource.NRT": NrtAlertRule, - "Resource.SecurityAlert": SecurityAlert, - "Resource.Bookmark": HuntingBookmark, - "Resource.Account": AccountEntity, - "Resource.AzureResource": AzureResourceEntity, - "Resource.CloudApplication": CloudApplicationEntity, - "Resource.DnsResolution": DnsEntity, - "Resource.File": FileEntity, - "Resource.FileHash": FileHashEntity, - "Resource.Host": HostEntity, - "Resource.IoTDevice": IoTDeviceEntity, - "Resource.Ip": IpEntity, - "Resource.Mailbox": MailboxEntity, - "Resource.MailCluster": MailClusterEntity, - "Resource.MailMessage": MailMessageEntity, - "Resource.Malware": MalwareEntity, - "Resource.Process": ProcessEntity, - "Resource.RegistryKey": RegistryKeyEntity, - "Resource.RegistryValue": RegistryValueEntity, - "Resource.SecurityGroup": SecurityGroupEntity, - "Resource.SubmissionMail": SubmissionMailEntity, - "Resource.Url": UrlEntity, - "Resource.Activity": ActivityCustomEntityQuery, - "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, - "Resource.Expansion": ExpansionEntityQuery, - "Resource.Anomalies": Anomalies, - "Resource.EyesOn": EyesOn, - "Resource.EntityAnalytics": EntityAnalytics, - "Resource.Ueba": Ueba, - "Resource.AzureActiveDirectory": AADDataConnector, - "Resource.MicrosoftThreatIntelligence": MstiDataConnector, - "Resource.MicrosoftThreatProtection": MTPDataConnector, - "Resource.AzureAdvancedThreatProtection": AatpDataConnector, - "Resource.AzureSecurityCenter": ASCDataConnector, - "Resource.AmazonWebServicesCloudTrail": AwsCloudTrailDataConnector, - "Resource.AmazonWebServicesS3": AwsS3DataConnector, - "Resource.MicrosoftCloudAppSecurity": McasDataConnector, - "Resource.Dynamics365": Dynamics365DataConnector, - "Resource.OfficeATP": OfficeATPDataConnector, - "Resource.OfficeIRM": OfficeIRMDataConnector, - "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, - "Resource.Office365": OfficeDataConnector, - "Resource.ThreatIntelligenceTaxii": TiTaxiiDataConnector, - "Resource.GenericUI": CodelessUiDataConnector, - "Resource.APIPolling": CodelessApiPollingDataConnector + "ResourceWithEtag.Fusion": FusionAlertRule, + "ResourceWithEtag.MicrosoftSecurityIncidentCreation": MicrosoftSecurityIncidentCreationAlertRule, + "ResourceWithEtag.Scheduled": ScheduledAlertRule, + "ResourceWithEtag.AzureActiveDirectory": AADDataConnector, + "ResourceWithEtag.AzureAdvancedThreatProtection": AatpDataConnector, + "ResourceWithEtag.AzureSecurityCenter": ASCDataConnector, + "ResourceWithEtag.AmazonWebServicesCloudTrail": AwsCloudTrailDataConnector, + "ResourceWithEtag.MicrosoftCloudAppSecurity": McasDataConnector, + "ResourceWithEtag.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, + "ResourceWithEtag.ThreatIntelligence": TIDataConnector, + "ResourceWithEtag.Office365": OfficeDataConnector, + "ResourceWithEtag.ToggleSettings": ToggleSettings, + "ResourceWithEtag.UebaSettings": UebaSettings, + "Resource.Fusion": FusionAlertRuleTemplate, + "Resource.MicrosoftSecurityIncidentCreation": MicrosoftSecurityIncidentCreationAlertRuleTemplate, + "Resource.Scheduled": ScheduledAlertRuleTemplate }; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index f9957be1f9cd..4d24ea1d96f0 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -14,30 +14,10 @@ import { import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, - AutomationRule as AutomationRuleMapper, Bookmark as BookmarkMapper, - Relation as RelationMapper, - BookmarkExpandParameters as BookmarkExpandParametersMapper, - CustomEntityQuery as CustomEntityQueryMapper, - EntityExpandParameters as EntityExpandParametersMapper, - EntityGetInsightsParameters as EntityGetInsightsParametersMapper, - EntityTimelineParameters as EntityTimelineParametersMapper, - Incident as IncidentMapper, - TeamProperties as TeamPropertiesMapper, - IncidentComment as IncidentCommentMapper, - MetadataModel as MetadataModelMapper, - MetadataPatch as MetadataPatchMapper, - SentinelOnboardingState as SentinelOnboardingStateMapper, - Settings as SettingsMapper, - SourceControl as SourceControlMapper, - Watchlist as WatchlistMapper, - WatchlistItem as WatchlistItemMapper, DataConnector as DataConnectorMapper, - DataConnectorConnectBody as DataConnectorConnectBodyMapper, - DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper, - ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, - ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, - ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper + Incident as IncidentMapper, + IncidentComment as IncidentCommentMapper } from "../models/mappers"; export const accept: OperationParameter = { @@ -67,7 +47,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2021-09-01-preview", + defaultValue: "2020-01-01", isConstant: true, serializedName: "api-version", type: { @@ -80,7 +60,9 @@ export const subscriptionId: OperationURLParameter = { parameterPath: "subscriptionId", mapper: { constraints: { - MinLength: 1 + Pattern: new RegExp( + "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$" + ) }, serializedName: "subscriptionId", required: true, @@ -94,6 +76,7 @@ export const resourceGroupName: OperationURLParameter = { parameterPath: "resourceGroupName", mapper: { constraints: { + Pattern: new RegExp("^[-\\w\\._\\(\\)]+$"), MaxLength: 90, MinLength: 1 }, @@ -187,10 +170,10 @@ export const alertRuleTemplateId: OperationURLParameter = { } }; -export const automationRuleId: OperationURLParameter = { - parameterPath: "automationRuleId", +export const bookmarkId: OperationURLParameter = { + parameterPath: "bookmarkId", mapper: { - serializedName: "automationRuleId", + serializedName: "bookmarkId", required: true, type: { name: "String" @@ -198,15 +181,15 @@ export const automationRuleId: OperationURLParameter = { } }; -export const automationRule: OperationParameter = { - parameterPath: "automationRule", - mapper: AutomationRuleMapper +export const bookmark: OperationParameter = { + parameterPath: "bookmark", + mapper: BookmarkMapper }; -export const bookmarkId: OperationURLParameter = { - parameterPath: "bookmarkId", +export const dataConnectorId: OperationURLParameter = { + parameterPath: "dataConnectorId", mapper: { - serializedName: "bookmarkId", + serializedName: "dataConnectorId", required: true, type: { name: "String" @@ -214,9 +197,9 @@ export const bookmarkId: OperationURLParameter = { } }; -export const bookmark: OperationParameter = { - parameterPath: "bookmark", - mapper: BookmarkMapper +export const dataConnector: OperationParameter = { + parameterPath: "dataConnector", + mapper: DataConnectorMapper }; export const filter: OperationQueryParameter = { @@ -259,112 +242,6 @@ export const skipToken: OperationQueryParameter = { } }; -export const relationName: OperationURLParameter = { - parameterPath: "relationName", - mapper: { - serializedName: "relationName", - required: true, - type: { - name: "String" - } - } -}; - -export const relation: OperationParameter = { - parameterPath: "relation", - mapper: RelationMapper -}; - -export const parameters: OperationParameter = { - parameterPath: "parameters", - mapper: BookmarkExpandParametersMapper -}; - -export const ipAddress: OperationQueryParameter = { - parameterPath: "ipAddress", - mapper: { - serializedName: "ipAddress", - required: true, - type: { - name: "String" - } - } -}; - -export const domain: OperationQueryParameter = { - parameterPath: "domain", - mapper: { - serializedName: "domain", - required: true, - type: { - name: "String" - } - } -}; - -export const kind: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryId: OperationURLParameter = { - parameterPath: "entityQueryId", - mapper: { - serializedName: "entityQueryId", - required: true, - type: { - name: "String" - } - } -}; - -export const entityQuery: OperationParameter = { - parameterPath: "entityQuery", - mapper: CustomEntityQueryMapper -}; - -export const entityId: OperationURLParameter = { - parameterPath: "entityId", - mapper: { - serializedName: "entityId", - required: true, - type: { - name: "String" - } - } -}; - -export const parameters1: OperationParameter = { - parameterPath: "parameters", - mapper: EntityExpandParametersMapper -}; - -export const kind1: OperationQueryParameter = { - parameterPath: "kind", - mapper: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } -}; - -export const parameters2: OperationParameter = { - parameterPath: "parameters", - mapper: EntityGetInsightsParametersMapper -}; - -export const parameters3: OperationParameter = { - parameterPath: "parameters", - mapper: EntityTimelineParametersMapper -}; - export const incidentId: OperationURLParameter = { parameterPath: "incidentId", mapper: { @@ -381,11 +258,6 @@ export const incident: OperationParameter = { mapper: IncidentMapper }; -export const teamProperties: OperationParameter = { - parameterPath: "teamProperties", - mapper: TeamPropertiesMapper -}; - export const incidentCommentId: OperationURLParameter = { parameterPath: "incidentCommentId", mapper: { @@ -401,216 +273,3 @@ export const incidentComment: OperationParameter = { parameterPath: "incidentComment", mapper: IncidentCommentMapper }; - -export const skip: OperationQueryParameter = { - parameterPath: ["options", "skip"], - mapper: { - serializedName: "$skip", - type: { - name: "Number" - } - } -}; - -export const metadataName: OperationURLParameter = { - parameterPath: "metadataName", - mapper: { - serializedName: "metadataName", - required: true, - type: { - name: "String" - } - } -}; - -export const metadata: OperationParameter = { - parameterPath: "metadata", - mapper: MetadataModelMapper -}; - -export const metadataPatch: OperationParameter = { - parameterPath: "metadataPatch", - mapper: MetadataPatchMapper -}; - -export const sentinelOnboardingStateName: OperationURLParameter = { - parameterPath: "sentinelOnboardingStateName", - mapper: { - serializedName: "sentinelOnboardingStateName", - required: true, - type: { - name: "String" - } - } -}; - -export const sentinelOnboardingStateParameter: OperationParameter = { - parameterPath: ["options", "sentinelOnboardingStateParameter"], - mapper: SentinelOnboardingStateMapper -}; - -export const settingsName: OperationURLParameter = { - parameterPath: "settingsName", - mapper: { - serializedName: "settingsName", - required: true, - type: { - name: "String" - } - } -}; - -export const settings: OperationParameter = { - parameterPath: "settings", - mapper: SettingsMapper -}; - -export const repoType: OperationParameter = { - parameterPath: "repoType", - mapper: { - serializedName: "repoType", - required: true, - type: { - name: "String" - } - } -}; - -export const sourceControlId: OperationURLParameter = { - parameterPath: "sourceControlId", - mapper: { - serializedName: "sourceControlId", - required: true, - type: { - name: "String" - } - } -}; - -export const sourceControl: OperationParameter = { - parameterPath: "sourceControl", - mapper: SourceControlMapper -}; - -export const watchlistAlias: OperationURLParameter = { - parameterPath: "watchlistAlias", - mapper: { - serializedName: "watchlistAlias", - required: true, - type: { - name: "String" - } - } -}; - -export const watchlist: OperationParameter = { - parameterPath: "watchlist", - mapper: WatchlistMapper -}; - -export const watchlistItemId: OperationURLParameter = { - parameterPath: "watchlistItemId", - mapper: { - serializedName: "watchlistItemId", - required: true, - type: { - name: "String" - } - } -}; - -export const watchlistItem: OperationParameter = { - parameterPath: "watchlistItem", - mapper: WatchlistItemMapper -}; - -export const dataConnectorId: OperationURLParameter = { - parameterPath: "dataConnectorId", - mapper: { - serializedName: "dataConnectorId", - required: true, - type: { - name: "String" - } - } -}; - -export const dataConnector: OperationParameter = { - parameterPath: "dataConnector", - mapper: DataConnectorMapper -}; - -export const connectBody: OperationParameter = { - parameterPath: "connectBody", - mapper: DataConnectorConnectBodyMapper -}; - -export const dataConnectorsCheckRequirements: OperationParameter = { - parameterPath: "dataConnectorsCheckRequirements", - mapper: DataConnectorsCheckRequirementsMapper -}; - -export const threatIntelligenceProperties: OperationParameter = { - parameterPath: "threatIntelligenceProperties", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const name: OperationURLParameter = { - parameterPath: "name", - mapper: { - serializedName: "name", - required: true, - type: { - name: "String" - } - } -}; - -export const threatIntelligenceFilteringCriteria: OperationParameter = { - parameterPath: "threatIntelligenceFilteringCriteria", - mapper: ThreatIntelligenceFilteringCriteriaMapper -}; - -export const threatIntelligenceAppendTags: OperationParameter = { - parameterPath: "threatIntelligenceAppendTags", - mapper: ThreatIntelligenceAppendTagsMapper -}; - -export const threatIntelligenceReplaceTags: OperationParameter = { - parameterPath: "threatIntelligenceReplaceTags", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const consentId: OperationURLParameter = { - parameterPath: "consentId", - mapper: { - serializedName: "consentId", - required: true, - type: { - name: "String" - } - } -}; - -export const kind2: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - defaultValue: "Activity", - isConstant: true, - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryTemplateId: OperationURLParameter = { - parameterPath: "entityQueryTemplateId", - mapper: { - serializedName: "entityQueryTemplateId", - required: true, - type: { - name: "String" - } - } -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts index 72aea9cb6a13..5d9028810e61 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts @@ -41,7 +41,8 @@ export class ActionsImpl implements Actions { /** * Gets all actions of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -121,7 +122,8 @@ export class ActionsImpl implements Actions { /** * Gets all actions of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -140,7 +142,8 @@ export class ActionsImpl implements Actions { /** * Gets the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID @@ -161,7 +164,8 @@ export class ActionsImpl implements Actions { /** * Creates or updates the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID @@ -184,7 +188,8 @@ export class ActionsImpl implements Actions { /** * Delete the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID @@ -205,7 +210,8 @@ export class ActionsImpl implements Actions { /** * ListByAlertRuleNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param nextLink The nextLink from the previous successful call to the ListByAlertRule method. diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts index dbad34be967b..9ed94bd9a5e6 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts @@ -37,7 +37,8 @@ export class AlertRuleTemplatesImpl implements AlertRuleTemplates { /** * Gets all alert rule templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -96,7 +97,8 @@ export class AlertRuleTemplatesImpl implements AlertRuleTemplates { /** * Gets all alert rule templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -113,7 +115,8 @@ export class AlertRuleTemplatesImpl implements AlertRuleTemplates { /** * Gets the alert rule template. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param alertRuleTemplateId Alert rule template ID * @param options The options parameters. @@ -132,7 +135,8 @@ export class AlertRuleTemplatesImpl implements AlertRuleTemplates { /** * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts index 43164a9c587c..472062f619cb 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts @@ -40,7 +40,8 @@ export class AlertRulesImpl implements AlertRules { /** * Gets all alert rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -99,7 +100,8 @@ export class AlertRulesImpl implements AlertRules { /** * Gets all alert rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -116,7 +118,8 @@ export class AlertRulesImpl implements AlertRules { /** * Gets the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -135,7 +138,8 @@ export class AlertRulesImpl implements AlertRules { /** * Creates or updates the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param alertRule The alert rule @@ -156,7 +160,8 @@ export class AlertRulesImpl implements AlertRules { /** * Delete the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -175,7 +180,8 @@ export class AlertRulesImpl implements AlertRules { /** * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts deleted file mode 100644 index 55f54bf28e69..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { AutomationRules } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - AutomationRule, - AutomationRulesListNextOptionalParams, - AutomationRulesListOptionalParams, - AutomationRulesListResponse, - AutomationRulesGetOptionalParams, - AutomationRulesGetResponse, - AutomationRulesCreateOrUpdateOptionalParams, - AutomationRulesCreateOrUpdateResponse, - AutomationRulesDeleteOptionalParams, - AutomationRulesListNextResponse -} from "../models"; - -/// -/** Class containing AutomationRules operations. */ -export class AutomationRulesImpl implements AutomationRules { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class AutomationRules class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - options?: AutomationRulesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, automationRuleId, options }, - getOperationSpec - ); - } - - /** - * Creates or updates the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param automationRule The automation rule - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - automationRule: AutomationRule, - options?: AutomationRulesCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - automationRuleId, - automationRule, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - options?: AutomationRulesDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, automationRuleId, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: AutomationRulesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.AutomationRulesList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.AutomationRule - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.AutomationRule - }, - 201: { - bodyMapper: Mappers.AutomationRule - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.automationRule, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.AutomationRulesList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts deleted file mode 100644 index cd0a944ecdca..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { BookmarkOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - BookmarkExpandParameters, - BookmarkExpandOptionalParams, - BookmarkExpandOperationResponse -} from "../models"; - -/** Class containing BookmarkOperations operations. */ -export class BookmarkOperationsImpl implements BookmarkOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class BookmarkOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Expand an bookmark - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param parameters The parameters required to execute an expand operation on the given bookmark. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - parameters: BookmarkExpandParameters, - options?: BookmarkExpandOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, parameters, options }, - expandOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const expandOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.BookmarkExpandResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts deleted file mode 100644 index b399a68bbfc5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { BookmarkRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Relation, - BookmarkRelationsListNextOptionalParams, - BookmarkRelationsListOptionalParams, - BookmarkRelationsListResponse, - BookmarkRelationsGetOptionalParams, - BookmarkRelationsGetResponse, - BookmarkRelationsCreateOrUpdateOptionalParams, - BookmarkRelationsCreateOrUpdateResponse, - BookmarkRelationsDeleteOptionalParams, - BookmarkRelationsListNextResponse -} from "../models"; - -/// -/** Class containing BookmarkRelations operations. */ -export class BookmarkRelationsImpl implements BookmarkRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class BookmarkRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - bookmarkId, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - bookmarkId, - options - )) { - yield* page; - } - } - - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, options }, - listOperationSpec - ); - } - - /** - * Gets a bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, relationName, options }, - getOperationSpec - ); - } - - /** - * Creates the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - relation: Relation, - options?: BookmarkRelationsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - bookmarkId, - relationName, - relation, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, relationName, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - nextLink: string, - options?: BookmarkRelationsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - 201: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.relation, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts index 1587a320cf92..2acf1d022ff3 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts @@ -40,7 +40,8 @@ export class BookmarksImpl implements Bookmarks { /** * Gets all bookmarks. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -99,7 +100,8 @@ export class BookmarksImpl implements Bookmarks { /** * Gets all bookmarks. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -116,7 +118,8 @@ export class BookmarksImpl implements Bookmarks { /** * Gets a bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param options The options parameters. @@ -135,7 +138,8 @@ export class BookmarksImpl implements Bookmarks { /** * Creates or updates the bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param bookmark The bookmark @@ -156,7 +160,8 @@ export class BookmarksImpl implements Bookmarks { /** * Delete the bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param options The options parameters. @@ -175,7 +180,8 @@ export class BookmarksImpl implements Bookmarks { /** * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts index 82199b6e0cb2..2171566a2bb2 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts @@ -22,9 +22,6 @@ import { DataConnectorsCreateOrUpdateOptionalParams, DataConnectorsCreateOrUpdateResponse, DataConnectorsDeleteOptionalParams, - DataConnectorConnectBody, - DataConnectorsConnectOptionalParams, - DataConnectorsDisconnectOptionalParams, DataConnectorsListNextResponse } from "../models"; @@ -43,7 +40,8 @@ export class DataConnectorsImpl implements DataConnectors { /** * Gets all data connectors. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -102,7 +100,8 @@ export class DataConnectorsImpl implements DataConnectors { /** * Gets all data connectors. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -119,7 +118,8 @@ export class DataConnectorsImpl implements DataConnectors { /** * Gets a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param options The options parameters. @@ -138,7 +138,8 @@ export class DataConnectorsImpl implements DataConnectors { /** * Creates or updates the data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param dataConnector The data connector @@ -165,7 +166,8 @@ export class DataConnectorsImpl implements DataConnectors { /** * Delete the data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param options The options parameters. @@ -182,55 +184,10 @@ export class DataConnectorsImpl implements DataConnectors { ); } - /** - * Connects a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param connectBody The data connector - * @param options The options parameters. - */ - connect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - connectBody: DataConnectorConnectBody, - options?: DataConnectorsConnectOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - dataConnectorId, - connectBody, - options - }, - connectOperationSpec - ); - } - - /** - * Disconnect a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param options The options parameters. - */ - disconnect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - options?: DataConnectorsDisconnectOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, dataConnectorId, options }, - disconnectOperationSpec - ); - } - /** * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. @@ -345,50 +302,6 @@ const deleteOperationSpec: coreClient.OperationSpec = { headerParameters: [Parameters.accept], serializer }; -const connectOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect", - httpMethod: "POST", - responses: { - 200: {}, - default: { - bodyMapper: Mappers.ErrorResponse - } - }, - requestBody: Parameters.connectBody, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.dataConnectorId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const disconnectOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect", - httpMethod: "POST", - responses: { - 200: {}, - default: { - bodyMapper: Mappers.ErrorResponse - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.dataConnectorId - ], - headerParameters: [Parameters.accept], - serializer -}; const listNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts deleted file mode 100644 index 06ee89237293..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { DataConnectorsCheckRequirementsOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - DataConnectorsCheckRequirementsUnion, - DataConnectorsCheckRequirementsPostOptionalParams, - DataConnectorsCheckRequirementsPostResponse -} from "../models"; - -/** Class containing DataConnectorsCheckRequirementsOperations operations. */ -export class DataConnectorsCheckRequirementsOperationsImpl - implements DataConnectorsCheckRequirementsOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class DataConnectorsCheckRequirementsOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get requirements state for a data connector type. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorsCheckRequirements The parameters for requirements check message - * @param options The options parameters. - */ - post( - resourceGroupName: string, - workspaceName: string, - dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, - options?: DataConnectorsCheckRequirementsPostOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements, - options - }, - postOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const postOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.DataConnectorRequirementsState - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.dataConnectorsCheckRequirements, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts deleted file mode 100644 index adc8023e0349..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { DomainWhois } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - DomainWhoisGetOptionalParams, - DomainWhoisGetResponse -} from "../models"; - -/** Class containing DomainWhois operations. */ -export class DomainWhoisImpl implements DomainWhois { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class DomainWhois class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get whois information for a single domain name - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param domain Domain name to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - domain: string, - options?: DomainWhoisGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, domain, options }, - getOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EnrichmentDomainWhois - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.domain], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts deleted file mode 100644 index c29d5caa98b8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Entities } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityUnion, - EntitiesListNextOptionalParams, - EntitiesListOptionalParams, - EntitiesListResponse, - EntitiesGetOptionalParams, - EntitiesGetResponse, - EntityExpandParameters, - EntitiesExpandOptionalParams, - EntitiesExpandResponse, - EntityItemQueryKind, - EntitiesQueriesOptionalParams, - EntitiesQueriesResponse, - EntityGetInsightsParameters, - EntitiesGetInsightsOptionalParams, - EntitiesGetInsightsResponse, - EntitiesListNextResponse -} from "../models"; - -/// -/** Class containing Entities operations. */ -export class EntitiesImpl implements Entities { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class Entities class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, options }, - getOperationSpec - ); - } - - /** - * Expands an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an expand operation on the given entity. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityExpandParameters, - options?: EntitiesExpandOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - expandOperationSpec - ); - } - - /** - * Get Insights and Activities for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param kind The Kind parameter for queries - * @param options The options parameters. - */ - queries( - resourceGroupName: string, - workspaceName: string, - entityId: string, - kind: EntityItemQueryKind, - options?: EntitiesQueriesOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, kind, options }, - queriesOperationSpec - ); - } - - /** - * Execute Insights for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute insights on the given entity. - * @param options The options parameters. - */ - getInsights( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityGetInsightsParameters, - options?: EntitiesGetInsightsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - getInsightsOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntitiesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Entity - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const expandOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityExpandResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters1, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const queriesOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.GetQueriesResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const getInsightsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityGetInsightsResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters2, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts deleted file mode 100644 index 52ccbd95b39b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { EntitiesGetTimeline } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityTimelineParameters, - EntitiesGetTimelineListOptionalParams, - EntitiesGetTimelineListResponse -} from "../models"; - -/** Class containing EntitiesGetTimeline operations. */ -export class EntitiesGetTimelineImpl implements EntitiesGetTimeline { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntitiesGetTimeline class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Timeline for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an timeline operation on the given entity. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityTimelineParameters, - options?: EntitiesGetTimelineListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - listOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityTimelineResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters3, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts deleted file mode 100644 index 1117b74cd510..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntitiesRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Relation, - EntitiesRelationsListNextOptionalParams, - EntitiesRelationsListOptionalParams, - EntitiesRelationsListResponse, - EntitiesRelationsListNextResponse -} from "../models"; - -/// -/** Class containing EntitiesRelations operations. */ -export class EntitiesRelationsImpl implements EntitiesRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntitiesRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - entityId, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - entityId, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - entityId, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - entityId, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - entityId, - options - )) { - yield* page; - } - } - - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, options }, - listOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - entityId: string, - nextLink: string, - options?: EntitiesRelationsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts deleted file mode 100644 index 85592e81dda7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntityQueries } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityQueryUnion, - EntityQueriesListNextOptionalParams, - EntityQueriesListOptionalParams, - EntityQueriesListResponse, - EntityQueriesGetOptionalParams, - EntityQueriesGetResponse, - CustomEntityQueryUnion, - EntityQueriesCreateOrUpdateOptionalParams, - EntityQueriesCreateOrUpdateResponse, - EntityQueriesDeleteOptionalParams, - EntityQueriesListNextResponse -} from "../models"; - -/// -/** Class containing EntityQueries operations. */ -export class EntityQueriesImpl implements EntityQueries { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityQueries class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, options }, - getOperationSpec - ); - } - - /** - * Creates or updates the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param entityQuery The entity query we want to create or update - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - entityQuery: CustomEntityQueryUnion, - options?: EntityQueriesCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, entityQuery, options }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntityQueriesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQuery - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.EntityQuery - }, - 201: { - bodyMapper: Mappers.EntityQuery - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.entityQuery, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts deleted file mode 100644 index 51b5a4ab4e9b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntityQueryTemplates } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityQueryTemplateUnion, - EntityQueryTemplatesListNextOptionalParams, - EntityQueryTemplatesListOptionalParams, - EntityQueryTemplatesListResponse, - EntityQueryTemplatesGetOptionalParams, - EntityQueryTemplatesGetResponse, - EntityQueryTemplatesListNextResponse -} from "../models"; - -/// -/** Class containing EntityQueryTemplates operations. */ -export class EntityQueryTemplatesImpl implements EntityQueryTemplates { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityQueryTemplates class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryTemplateId entity query template ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryTemplateId: string, - options?: EntityQueryTemplatesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryTemplateId, options }, - getOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntityQueryTemplatesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplateList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind2], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplate - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryTemplateId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplateList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind2], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts deleted file mode 100644 index e76d8ca12d13..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { EntityRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityRelationsGetRelationOptionalParams, - EntityRelationsGetRelationResponse -} from "../models"; - -/** Class containing EntityRelations operations. */ -export class EntityRelationsImpl implements EntityRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets an entity relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param relationName Relation Name - * @param options The options parameters. - */ - getRelation( - resourceGroupName: string, - workspaceName: string, - entityId: string, - relationName: string, - options?: EntityRelationsGetRelationOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, relationName, options }, - getRelationOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getRelationOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.relationName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts deleted file mode 100644 index 9219973e7167..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { IPGeodata } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; - -/** Class containing IPGeodata operations. */ -export class IPGeodataImpl implements IPGeodata { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class IPGeodata class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get geodata for a single IP address - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param ipAddress IP address (v4 or v6) to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - ipAddress: string, - options?: IPGeodataGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, ipAddress, options }, - getOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EnrichmentIpGeodata - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.ipAddress], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts index ae27ca7777d1..8559333e2ff6 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts @@ -14,15 +14,14 @@ import * as Parameters from "../models/parameters"; import { SecurityInsights } from "../securityInsights"; import { IncidentComment, - IncidentCommentsListNextOptionalParams, - IncidentCommentsListOptionalParams, - IncidentCommentsListResponse, + IncidentCommentsListByIncidentNextOptionalParams, + IncidentCommentsListByIncidentOptionalParams, + IncidentCommentsListByIncidentResponse, IncidentCommentsGetOptionalParams, IncidentCommentsGetResponse, - IncidentCommentsCreateOrUpdateOptionalParams, - IncidentCommentsCreateOrUpdateResponse, - IncidentCommentsDeleteOptionalParams, - IncidentCommentsListNextResponse + IncidentCommentsCreateCommentOptionalParams, + IncidentCommentsCreateCommentResponse, + IncidentCommentsListByIncidentNextResponse } from "../models"; /// @@ -40,18 +39,19 @@ export class IncidentCommentsImpl implements IncidentComments { /** * Gets all incident comments. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. */ - public list( + public listByIncident( resourceGroupName: string, workspaceName: string, incidentId: string, - options?: IncidentCommentsListOptionalParams + options?: IncidentCommentsListByIncidentOptionalParams ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( + const iter = this.listByIncidentPagingAll( resourceGroupName, workspaceName, incidentId, @@ -65,7 +65,7 @@ export class IncidentCommentsImpl implements IncidentComments { return this; }, byPage: () => { - return this.listPagingPage( + return this.listByIncidentPagingPage( resourceGroupName, workspaceName, incidentId, @@ -75,13 +75,13 @@ export class IncidentCommentsImpl implements IncidentComments { }; } - private async *listPagingPage( + private async *listByIncidentPagingPage( resourceGroupName: string, workspaceName: string, incidentId: string, - options?: IncidentCommentsListOptionalParams + options?: IncidentCommentsListByIncidentOptionalParams ): AsyncIterableIterator { - let result = await this._list( + let result = await this._listByIncident( resourceGroupName, workspaceName, incidentId, @@ -90,7 +90,7 @@ export class IncidentCommentsImpl implements IncidentComments { yield result.value || []; let continuationToken = result.nextLink; while (continuationToken) { - result = await this._listNext( + result = await this._listByIncidentNext( resourceGroupName, workspaceName, incidentId, @@ -102,13 +102,13 @@ export class IncidentCommentsImpl implements IncidentComments { } } - private async *listPagingAll( + private async *listByIncidentPagingAll( resourceGroupName: string, workspaceName: string, incidentId: string, - options?: IncidentCommentsListOptionalParams + options?: IncidentCommentsListByIncidentOptionalParams ): AsyncIterableIterator { - for await (const page of this.listPagingPage( + for await (const page of this.listByIncidentPagingPage( resourceGroupName, workspaceName, incidentId, @@ -120,26 +120,28 @@ export class IncidentCommentsImpl implements IncidentComments { /** * Gets all incident comments. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. */ - private _list( + private _listByIncident( resourceGroupName: string, workspaceName: string, incidentId: string, - options?: IncidentCommentsListOptionalParams - ): Promise { + options?: IncidentCommentsListByIncidentOptionalParams + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, incidentId, options }, - listOperationSpec + listByIncidentOperationSpec ); } /** * Gets an incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incidentCommentId Incident comment ID @@ -165,22 +167,23 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Creates or updates the incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * Creates the incident comment. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incidentCommentId Incident comment ID * @param incidentComment The incident comment * @param options The options parameters. */ - createOrUpdate( + createComment( resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, - options?: IncidentCommentsCreateOrUpdateOptionalParams - ): Promise { + options?: IncidentCommentsCreateCommentOptionalParams + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, @@ -190,62 +193,36 @@ export class IncidentCommentsImpl implements IncidentComments { incidentComment, options }, - createOrUpdateOperationSpec + createCommentOperationSpec ); } /** - * Delete the incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * ListByIncidentNext + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID - * @param incidentCommentId Incident comment ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - incidentCommentId: string, - options?: IncidentCommentsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - incidentId, - incidentCommentId, - options - }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param nextLink The nextLink from the previous successful call to the List method. + * @param nextLink The nextLink from the previous successful call to the ListByIncident method. * @param options The options parameters. */ - private _listNext( + private _listByIncidentNext( resourceGroupName: string, workspaceName: string, incidentId: string, nextLink: string, - options?: IncidentCommentsListNextOptionalParams - ): Promise { + options?: IncidentCommentsListByIncidentNextOptionalParams + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, incidentId, nextLink, options }, - listNextOperationSpec + listByIncidentNextOperationSpec ); } } // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); -const listOperationSpec: coreClient.OperationSpec = { +const listByIncidentOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", httpMethod: "GET", @@ -298,14 +275,11 @@ const getOperationSpec: coreClient.OperationSpec = { headerParameters: [Parameters.accept], serializer }; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { +const createCommentOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", httpMethod: "PUT", responses: { - 200: { - bodyMapper: Mappers.IncidentComment - }, 201: { bodyMapper: Mappers.IncidentComment }, @@ -327,30 +301,7 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { mediaType: "json", serializer }; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId, - Parameters.incidentCommentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { +const listByIncidentNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", responses: { diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts deleted file mode 100644 index 86c73b551a2f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { IncidentRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Relation, - IncidentRelationsListNextOptionalParams, - IncidentRelationsListOptionalParams, - IncidentRelationsListResponse, - IncidentRelationsGetOptionalParams, - IncidentRelationsGetResponse, - IncidentRelationsCreateOrUpdateOptionalParams, - IncidentRelationsCreateOrUpdateResponse, - IncidentRelationsDeleteOptionalParams, - IncidentRelationsListNextResponse -} from "../models"; - -/// -/** Class containing IncidentRelations operations. */ -export class IncidentRelationsImpl implements IncidentRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class IncidentRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all incident relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentRelationsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - incidentId, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - incidentId, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentRelationsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - incidentId, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - incidentId, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentRelationsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - incidentId, - options - )) { - yield* page; - } - } - - /** - * Gets all incident relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentRelationsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, options }, - listOperationSpec - ); - } - - /** - * Gets an incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - options?: IncidentRelationsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, relationName, options }, - getOperationSpec - ); - } - - /** - * Creates or updates the incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - relation: Relation, - options?: IncidentRelationsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - incidentId, - relationName, - relation, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - options?: IncidentRelationsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, relationName, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - nextLink: string, - options?: IncidentRelationsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - 201: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.relation, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.relationName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts index ad5f24a076f9..ce5fb4c8efb9 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts @@ -22,15 +22,6 @@ import { IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, IncidentsDeleteOptionalParams, - TeamProperties, - IncidentsCreateTeamOptionalParams, - IncidentsCreateTeamResponse, - IncidentsListAlertsOptionalParams, - IncidentsListAlertsResponse, - IncidentsListBookmarksOptionalParams, - IncidentsListBookmarksResponse, - IncidentsListEntitiesOptionalParams, - IncidentsListEntitiesResponse, IncidentsListNextResponse } from "../models"; @@ -49,7 +40,8 @@ export class IncidentsImpl implements Incidents { /** * Gets all incidents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -108,7 +100,8 @@ export class IncidentsImpl implements Incidents { /** * Gets all incidents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -125,7 +118,8 @@ export class IncidentsImpl implements Incidents { /** * Gets an incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. @@ -144,7 +138,8 @@ export class IncidentsImpl implements Incidents { /** * Creates or updates the incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incident The incident @@ -165,7 +160,8 @@ export class IncidentsImpl implements Incidents { /** * Delete the incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. @@ -182,88 +178,10 @@ export class IncidentsImpl implements Incidents { ); } - /** - * Creates a Microsoft team to investigate the incident by sharing information and insights between - * participants. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param teamProperties Team properties - * @param options The options parameters. - */ - createTeam( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - teamProperties: TeamProperties, - options?: IncidentsCreateTeamOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, teamProperties, options }, - createTeamOperationSpec - ); - } - - /** - * Gets all incident alerts. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listAlerts( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListAlertsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, options }, - listAlertsOperationSpec - ); - } - - /** - * Gets all incident bookmarks. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listBookmarks( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListBookmarksOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, options }, - listBookmarksOperationSpec - ); - } - - /** - * Gets all incident related entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listEntities( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListEntitiesOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, options }, - listEntitiesOperationSpec - ); - } - /** * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. @@ -384,100 +302,6 @@ const deleteOperationSpec: coreClient.OperationSpec = { headerParameters: [Parameters.accept], serializer }; -const createTeamOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.TeamInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.teamProperties, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listAlertsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.IncidentAlertList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listBookmarksOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.IncidentBookmarkList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listEntitiesOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.IncidentEntitiesResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept], - serializer -}; const listNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 1cf716300f95..c7d791cc7714 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -9,32 +9,8 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; -export * from "./automationRules"; export * from "./bookmarks"; -export * from "./bookmarkRelations"; -export * from "./bookmarkOperations"; -export * from "./iPGeodata"; -export * from "./domainWhois"; -export * from "./entityQueries"; -export * from "./entities"; -export * from "./entitiesGetTimeline"; -export * from "./entitiesRelations"; -export * from "./entityRelations"; -export * from "./incidents"; -export * from "./incidentComments"; -export * from "./incidentRelations"; -export * from "./metadata"; -export * from "./sentinelOnboardingStates"; -export * from "./productSettings"; -export * from "./sourceControlOperations"; -export * from "./sourceControls"; -export * from "./watchlists"; -export * from "./watchlistItems"; export * from "./dataConnectors"; -export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; +export * from "./incidents"; +export * from "./incidentComments"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts deleted file mode 100644 index be14e682404d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Metadata } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - MetadataModel, - MetadataListNextOptionalParams, - MetadataListOptionalParams, - MetadataListResponse, - MetadataGetOptionalParams, - MetadataGetResponse, - MetadataDeleteOptionalParams, - MetadataCreateOptionalParams, - MetadataCreateResponse, - MetadataPatch, - MetadataUpdateOptionalParams, - MetadataUpdateResponse, - MetadataListNextResponse -} from "../models"; - -/// -/** Class containing Metadata operations. */ -export class MetadataImpl implements Metadata { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class Metadata class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Get a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, options }, - getOperationSpec - ); - } - - /** - * Delete a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, options }, - deleteOperationSpec - ); - } - - /** - * Create a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadata Metadata resource. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadata: MetadataModel, - options?: MetadataCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, metadata, options }, - createOperationSpec - ); - } - - /** - * Update an existing Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadataPatch Partial metadata request. - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadataPatch: MetadataPatch, - options?: MetadataUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - metadataName, - metadataPatch, - options - }, - updateOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: MetadataListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skip - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - 201: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.metadata, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const updateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "PATCH", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.metadataPatch, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skip - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts deleted file mode 100644 index 28d1a51e8097..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts +++ /dev/null @@ -1,263 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { OfficeConsents } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - OfficeConsent, - OfficeConsentsListNextOptionalParams, - OfficeConsentsListOptionalParams, - OfficeConsentsListResponse, - OfficeConsentsGetOptionalParams, - OfficeConsentsGetResponse, - OfficeConsentsDeleteOptionalParams, - OfficeConsentsListNextResponse -} from "../models"; - -/// -/** Class containing OfficeConsents operations. */ -export class OfficeConsentsImpl implements OfficeConsents { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class OfficeConsents class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, consentId, options }, - getOperationSpec - ); - } - - /** - * Delete the office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, consentId, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: OfficeConsentsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsentList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsent - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.consentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.consentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsentList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts deleted file mode 100644 index b28a78dde724..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { ProductSettings } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - ProductSettingsListOptionalParams, - ProductSettingsListResponse, - ProductSettingsGetOptionalParams, - ProductSettingsGetResponse, - ProductSettingsDeleteOptionalParams, - SettingsUnion, - ProductSettingsUpdateOptionalParams, - ProductSettingsUpdateResponse -} from "../models"; - -/** Class containing ProductSettings operations. */ -export class ProductSettingsImpl implements ProductSettings { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class ProductSettings class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * List of all the settings - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ProductSettingsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets a setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, options }, - getOperationSpec - ); - } - - /** - * Delete setting of the product. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, options }, - deleteOperationSpec - ); - } - - /** - * Updates setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param settings The setting - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - settings: SettingsUnion, - options?: ProductSettingsUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, settings, options }, - updateOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SettingList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Settings - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept], - serializer -}; -const updateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Settings - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.settings, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts deleted file mode 100644 index 3694465b4a4e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { SentinelOnboardingStates } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - SentinelOnboardingStatesGetOptionalParams, - SentinelOnboardingStatesGetResponse, - SentinelOnboardingStatesCreateOptionalParams, - SentinelOnboardingStatesCreateResponse, - SentinelOnboardingStatesDeleteOptionalParams, - SentinelOnboardingStatesListOptionalParams, - SentinelOnboardingStatesListResponse -} from "../models"; - -/** Class containing SentinelOnboardingStates operations. */ -export class SentinelOnboardingStatesImpl implements SentinelOnboardingStates { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SentinelOnboardingStates class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - sentinelOnboardingStateName, - options - }, - getOperationSpec - ); - } - - /** - * Create Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - sentinelOnboardingStateName, - options - }, - createOperationSpec - ); - } - - /** - * Delete Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - sentinelOnboardingStateName, - options - }, - deleteOperationSpec - ); - } - - /** - * Gets all Sentinel onboarding states - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: SentinelOnboardingStatesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SentinelOnboardingState - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sentinelOnboardingStateName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.SentinelOnboardingState - }, - 201: { - bodyMapper: Mappers.SentinelOnboardingState - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.sentinelOnboardingStateParameter, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sentinelOnboardingStateName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sentinelOnboardingStateName - ], - headerParameters: [Parameters.accept], - serializer -}; -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SentinelOnboardingStatesList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts deleted file mode 100644 index 1337fe8b5caa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { SourceControlOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Repo, - RepoType, - SourceControlListRepositoriesNextOptionalParams, - SourceControlListRepositoriesOptionalParams, - SourceControlListRepositoriesResponse, - SourceControlListRepositoriesNextResponse -} from "../models"; - -/// -/** Class containing SourceControlOperations operations. */ -export class SourceControlOperationsImpl implements SourceControlOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SourceControlOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - public listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listRepositoriesPagingAll( - resourceGroupName, - workspaceName, - repoType, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listRepositoriesPagingPage( - resourceGroupName, - workspaceName, - repoType, - options - ); - } - }; - } - - private async *listRepositoriesPagingPage( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): AsyncIterableIterator { - let result = await this._listRepositories( - resourceGroupName, - workspaceName, - repoType, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listRepositoriesNext( - resourceGroupName, - workspaceName, - repoType, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listRepositoriesPagingAll( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listRepositoriesPagingPage( - resourceGroupName, - workspaceName, - repoType, - options - )) { - yield* page; - } - } - - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - private _listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, repoType, options }, - listRepositoriesOperationSpec - ); - } - - /** - * ListRepositoriesNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param nextLink The nextLink from the previous successful call to the ListRepositories method. - * @param options The options parameters. - */ - private _listRepositoriesNext( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - nextLink: string, - options?: SourceControlListRepositoriesNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, repoType, nextLink, options }, - listRepositoriesNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listRepositoriesOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.RepoList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.repoType, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listRepositoriesNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RepoList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts deleted file mode 100644 index 4fc9a379dd59..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { SourceControls } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - SourceControl, - SourceControlsListNextOptionalParams, - SourceControlsListOptionalParams, - SourceControlsListResponse, - SourceControlsGetOptionalParams, - SourceControlsGetResponse, - SourceControlsDeleteOptionalParams, - SourceControlsCreateOptionalParams, - SourceControlsCreateResponse, - SourceControlsListNextResponse -} from "../models"; - -/// -/** Class containing SourceControls operations. */ -export class SourceControlsImpl implements SourceControls { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SourceControls class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets a source control byt its identifier. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, sourceControlId, options }, - getOperationSpec - ); - } - - /** - * Delete a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, sourceControlId, options }, - deleteOperationSpec - ); - } - - /** - * Creates a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param sourceControl The SourceControl - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - sourceControl: SourceControl, - options?: SourceControlsCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - sourceControlId, - sourceControl, - options - }, - createOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: SourceControlsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControlList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControl - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.SourceControl - }, - 201: { - bodyMapper: Mappers.SourceControl - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.sourceControl, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControlList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts deleted file mode 100644 index a64f200cc916..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts +++ /dev/null @@ -1,526 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { ThreatIntelligenceIndicator } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - ThreatIntelligenceInformationUnion, - ThreatIntelligenceFilteringCriteria, - ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams, - ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams, - ThreatIntelligenceIndicatorModelForRequestBody, - ThreatIntelligenceIndicatorCreateIndicatorOptionalParams, - ThreatIntelligenceIndicatorCreateIndicatorResponse, - ThreatIntelligenceIndicatorGetOptionalParams, - ThreatIntelligenceIndicatorGetResponse, - ThreatIntelligenceIndicatorCreateOptionalParams, - ThreatIntelligenceIndicatorCreateResponse, - ThreatIntelligenceIndicatorDeleteOptionalParams, - ThreatIntelligenceIndicatorQueryIndicatorsResponse, - ThreatIntelligenceAppendTags, - ThreatIntelligenceIndicatorAppendTagsOptionalParams, - ThreatIntelligenceIndicatorReplaceTagsOptionalParams, - ThreatIntelligenceIndicatorReplaceTagsResponse, - ThreatIntelligenceIndicatorQueryIndicatorsNextResponse -} from "../models"; - -/// -/** Class containing ThreatIntelligenceIndicator operations. */ -export class ThreatIntelligenceIndicatorImpl - implements ThreatIntelligenceIndicator { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class ThreatIntelligenceIndicator class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Query threat intelligence indicators as per filtering criteria. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence - * indicators. - * @param options The options parameters. - */ - public listQueryIndicators( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.queryIndicatorsPagingAll( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.queryIndicatorsPagingPage( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - options - ); - } - }; - } - - private async *queryIndicatorsPagingPage( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams - ): AsyncIterableIterator { - let result = await this._queryIndicators( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._queryIndicatorsNext( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *queryIndicatorsPagingAll( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams - ): AsyncIterableIterator { - for await (const page of this.queryIndicatorsPagingPage( - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - options - )) { - yield* page; - } - } - - /** - * Create a new threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and - * update. - * @param options The options parameters. - */ - createIndicator( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - threatIntelligenceProperties, - options - }, - createIndicatorOperationSpec - ); - } - - /** - * View a threat intelligence indicator by name. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - name: string, - options?: ThreatIntelligenceIndicatorGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, name, options }, - getOperationSpec - ); - } - - /** - * Update a threat Intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and - * update. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - name, - threatIntelligenceProperties, - options - }, - createOperationSpec - ); - } - - /** - * Delete a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - name: string, - options?: ThreatIntelligenceIndicatorDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, name, options }, - deleteOperationSpec - ); - } - - /** - * Query threat intelligence indicators as per filtering criteria. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence - * indicators. - * @param options The options parameters. - */ - private _queryIndicators( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - options - }, - queryIndicatorsOperationSpec - ); - } - - /** - * Append tags to a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceAppendTags The threat intelligence append tags request body - * @param options The options parameters. - */ - appendTags( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, - options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - name, - threatIntelligenceAppendTags, - options - }, - appendTagsOperationSpec - ); - } - - /** - * Replace tags added to a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. - * @param options The options parameters. - */ - replaceTags( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - name, - threatIntelligenceReplaceTags, - options - }, - replaceTagsOperationSpec - ); - } - - /** - * QueryIndicatorsNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence - * indicators. - * @param nextLink The nextLink from the previous successful call to the QueryIndicators method. - * @param options The options parameters. - */ - private _queryIndicatorsNext( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - nextLink: string, - options?: ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - threatIntelligenceFilteringCriteria, - nextLink, - options - }, - queryIndicatorsNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const createIndicatorOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - 201: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.threatIntelligenceProperties, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.name - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - 201: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.threatIntelligenceProperties, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.name - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.name - ], - headerParameters: [Parameters.accept], - serializer -}; -const queryIndicatorsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.threatIntelligenceFilteringCriteria, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const appendTagsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", - httpMethod: "POST", - responses: { - 200: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.threatIntelligenceAppendTags, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.name - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const replaceTagsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.threatIntelligenceReplaceTags, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.name - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const queryIndicatorsNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts deleted file mode 100644 index fa1a50561ed1..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { ThreatIntelligenceIndicatorMetrics } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - ThreatIntelligenceIndicatorMetricsListOptionalParams, - ThreatIntelligenceIndicatorMetricsListResponse -} from "../models"; - -/** Class containing ThreatIntelligenceIndicatorMetrics operations. */ -export class ThreatIntelligenceIndicatorMetricsImpl - implements ThreatIntelligenceIndicatorMetrics { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class ThreatIntelligenceIndicatorMetrics class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorMetricsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceMetricsList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts deleted file mode 100644 index af9eb6c60f9b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { ThreatIntelligenceIndicators } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - ThreatIntelligenceInformationUnion, - ThreatIntelligenceIndicatorsListNextOptionalParams, - ThreatIntelligenceIndicatorsListOptionalParams, - ThreatIntelligenceIndicatorsListResponse, - ThreatIntelligenceIndicatorsListNextResponse -} from "../models"; - -/// -/** Class containing ThreatIntelligenceIndicators operations. */ -export class ThreatIntelligenceIndicatorsImpl - implements ThreatIntelligenceIndicators { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class ThreatIntelligenceIndicators class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get all threat intelligence indicators. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Get all threat intelligence indicators. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: ThreatIntelligenceIndicatorsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.ThreatIntelligenceInformationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts deleted file mode 100644 index 3493b054956a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { WatchlistItems } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - WatchlistItem, - WatchlistItemsListNextOptionalParams, - WatchlistItemsListOptionalParams, - WatchlistItemsListResponse, - WatchlistItemsGetOptionalParams, - WatchlistItemsGetResponse, - WatchlistItemsDeleteOptionalParams, - WatchlistItemsCreateOrUpdateOptionalParams, - WatchlistItemsCreateOrUpdateResponse, - WatchlistItemsListNextResponse -} from "../models"; - -/// -/** Class containing WatchlistItems operations. */ -export class WatchlistItemsImpl implements WatchlistItems { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class WatchlistItems class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all watchlist Items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistItemsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - watchlistAlias, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - watchlistAlias, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistItemsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - watchlistAlias, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - watchlistAlias, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistItemsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - watchlistAlias, - options - )) { - yield* page; - } - } - - /** - * Gets all watchlist Items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistItemsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, watchlistAlias, options }, - listOperationSpec - ); - } - - /** - * Gets a watchlist, without its watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - options?: WatchlistItemsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId, - options - }, - getOperationSpec - ); - } - - /** - * Delete a watchlist item. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - options?: WatchlistItemsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId, - options - }, - deleteOperationSpec - ); - } - - /** - * Creates or updates a watchlist item. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param watchlistItem The watchlist item - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - watchlistItem: WatchlistItem, - options?: WatchlistItemsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - watchlistAlias, - watchlistItemId, - watchlistItem, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - nextLink: string, - options?: WatchlistItemsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, watchlistAlias, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.WatchlistItemList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.WatchlistItem - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias, - Parameters.watchlistItemId - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias, - Parameters.watchlistItemId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.WatchlistItem - }, - 201: { - bodyMapper: Mappers.WatchlistItem - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.watchlistItem, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias, - Parameters.watchlistItemId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.WatchlistItemList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.watchlistAlias - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts deleted file mode 100644 index bf8ea3e0b683..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts +++ /dev/null @@ -1,316 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Watchlists } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Watchlist, - WatchlistsListNextOptionalParams, - WatchlistsListOptionalParams, - WatchlistsListResponse, - WatchlistsGetOptionalParams, - WatchlistsGetResponse, - WatchlistsDeleteOptionalParams, - WatchlistsCreateOrUpdateOptionalParams, - WatchlistsCreateOrUpdateResponse, - WatchlistsListNextResponse -} from "../models"; - -/// -/** Class containing Watchlists operations. */ -export class WatchlistsImpl implements Watchlists { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class Watchlists class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all watchlists, without watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: WatchlistsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: WatchlistsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: WatchlistsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all watchlists, without watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: WatchlistsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets a watchlist, without its watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, watchlistAlias, options }, - getOperationSpec - ); - } - - /** - * Delete a watchlist. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, watchlistAlias, options }, - deleteOperationSpec - ); - } - - /** - * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its items, we should call this endpoint with rawContent and - * contentType properties. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlist The watchlist - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlist: Watchlist, - options?: WatchlistsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, watchlistAlias, watchlist, options }, - createOrUpdateOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: WatchlistsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.WatchlistList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Watchlist - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Watchlist - }, - 201: { - bodyMapper: Mappers.Watchlist - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.watchlist, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.watchlistAlias - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.WatchlistList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts index 72dfe1476baa..e1cd31bca447 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts @@ -23,7 +23,8 @@ import { export interface Actions { /** * Gets all actions of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -36,7 +37,8 @@ export interface Actions { ): PagedAsyncIterableIterator; /** * Gets the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID @@ -51,7 +53,8 @@ export interface Actions { ): Promise; /** * Creates or updates the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID @@ -68,7 +71,8 @@ export interface Actions { ): Promise; /** * Delete the action of alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param actionId Action ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts index de75b2a3cda3..3164efcfc51f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts @@ -19,7 +19,8 @@ import { export interface AlertRuleTemplates { /** * Gets all alert rule templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -30,7 +31,8 @@ export interface AlertRuleTemplates { ): PagedAsyncIterableIterator; /** * Gets the alert rule template. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param alertRuleTemplateId Alert rule template ID * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts index 2c4f2da816f5..ec41e98fe70f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts @@ -22,7 +22,8 @@ import { export interface AlertRules { /** * Gets all alert rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -33,7 +34,8 @@ export interface AlertRules { ): PagedAsyncIterableIterator; /** * Gets the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. @@ -46,7 +48,8 @@ export interface AlertRules { ): Promise; /** * Creates or updates the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param alertRule The alert rule @@ -61,7 +64,8 @@ export interface AlertRules { ): Promise; /** * Delete the alert rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param ruleId Alert rule ID * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts deleted file mode 100644 index fc1210e5c84e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - AutomationRule, - AutomationRulesListOptionalParams, - AutomationRulesGetOptionalParams, - AutomationRulesGetResponse, - AutomationRulesCreateOrUpdateOptionalParams, - AutomationRulesCreateOrUpdateResponse, - AutomationRulesDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a AutomationRules. */ -export interface AutomationRules { - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - options?: AutomationRulesGetOptionalParams - ): Promise; - /** - * Creates or updates the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param automationRule The automation rule - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - automationRule: AutomationRule, - options?: AutomationRulesCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the automation rule. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param automationRuleId Automation rule ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - automationRuleId: string, - options?: AutomationRulesDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts deleted file mode 100644 index 99a1802aa35a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - BookmarkExpandParameters, - BookmarkExpandOptionalParams, - BookmarkExpandOperationResponse -} from "../models"; - -/** Interface representing a BookmarkOperations. */ -export interface BookmarkOperations { - /** - * Expand an bookmark - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param parameters The parameters required to execute an expand operation on the given bookmark. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - parameters: BookmarkExpandParameters, - options?: BookmarkExpandOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts deleted file mode 100644 index f2100626e2a9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Relation, - BookmarkRelationsListOptionalParams, - BookmarkRelationsGetOptionalParams, - BookmarkRelationsGetResponse, - BookmarkRelationsCreateOrUpdateOptionalParams, - BookmarkRelationsCreateOrUpdateResponse, - BookmarkRelationsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a BookmarkRelations. */ -export interface BookmarkRelations { - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsGetOptionalParams - ): Promise; - /** - * Creates the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - relation: Relation, - options?: BookmarkRelationsCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts index 0cf11ccd2d18..a5846bb59437 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts @@ -22,7 +22,8 @@ import { export interface Bookmarks { /** * Gets all bookmarks. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -33,7 +34,8 @@ export interface Bookmarks { ): PagedAsyncIterableIterator; /** * Gets a bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param options The options parameters. @@ -46,7 +48,8 @@ export interface Bookmarks { ): Promise; /** * Creates or updates the bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param bookmark The bookmark @@ -61,7 +64,8 @@ export interface Bookmarks { ): Promise; /** * Delete the bookmark. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param bookmarkId Bookmark ID * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts index e9cb04512c91..53cf2f63a8c8 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts @@ -14,10 +14,7 @@ import { DataConnectorsGetResponse, DataConnectorsCreateOrUpdateOptionalParams, DataConnectorsCreateOrUpdateResponse, - DataConnectorsDeleteOptionalParams, - DataConnectorConnectBody, - DataConnectorsConnectOptionalParams, - DataConnectorsDisconnectOptionalParams + DataConnectorsDeleteOptionalParams } from "../models"; /// @@ -25,7 +22,8 @@ import { export interface DataConnectors { /** * Gets all data connectors. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -36,7 +34,8 @@ export interface DataConnectors { ): PagedAsyncIterableIterator; /** * Gets a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param options The options parameters. @@ -49,7 +48,8 @@ export interface DataConnectors { ): Promise; /** * Creates or updates the data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param dataConnector The data connector @@ -64,7 +64,8 @@ export interface DataConnectors { ): Promise; /** * Delete the data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param dataConnectorId Connector ID * @param options The options parameters. @@ -75,32 +76,4 @@ export interface DataConnectors { dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams ): Promise; - /** - * Connects a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param connectBody The data connector - * @param options The options parameters. - */ - connect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - connectBody: DataConnectorConnectBody, - options?: DataConnectorsConnectOptionalParams - ): Promise; - /** - * Disconnect a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param options The options parameters. - */ - disconnect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - options?: DataConnectorsDisconnectOptionalParams - ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts deleted file mode 100644 index bcb6e67df617..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - DataConnectorsCheckRequirementsUnion, - DataConnectorsCheckRequirementsPostOptionalParams, - DataConnectorsCheckRequirementsPostResponse -} from "../models"; - -/** Interface representing a DataConnectorsCheckRequirementsOperations. */ -export interface DataConnectorsCheckRequirementsOperations { - /** - * Get requirements state for a data connector type. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorsCheckRequirements The parameters for requirements check message - * @param options The options parameters. - */ - post( - resourceGroupName: string, - workspaceName: string, - dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, - options?: DataConnectorsCheckRequirementsPostOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts deleted file mode 100644 index d10705b58b73..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - DomainWhoisGetOptionalParams, - DomainWhoisGetResponse -} from "../models"; - -/** Interface representing a DomainWhois. */ -export interface DomainWhois { - /** - * Get whois information for a single domain name - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param domain Domain name to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - domain: string, - options?: DomainWhoisGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts deleted file mode 100644 index ac24d1939afa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityUnion, - EntitiesListOptionalParams, - EntitiesGetOptionalParams, - EntitiesGetResponse, - EntityExpandParameters, - EntitiesExpandOptionalParams, - EntitiesExpandResponse, - EntityItemQueryKind, - EntitiesQueriesOptionalParams, - EntitiesQueriesResponse, - EntityGetInsightsParameters, - EntitiesGetInsightsOptionalParams, - EntitiesGetInsightsResponse -} from "../models"; - -/// -/** Interface representing a Entities. */ -export interface Entities { - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesGetOptionalParams - ): Promise; - /** - * Expands an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an expand operation on the given entity. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityExpandParameters, - options?: EntitiesExpandOptionalParams - ): Promise; - /** - * Get Insights and Activities for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param kind The Kind parameter for queries - * @param options The options parameters. - */ - queries( - resourceGroupName: string, - workspaceName: string, - entityId: string, - kind: EntityItemQueryKind, - options?: EntitiesQueriesOptionalParams - ): Promise; - /** - * Execute Insights for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute insights on the given entity. - * @param options The options parameters. - */ - getInsights( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityGetInsightsParameters, - options?: EntitiesGetInsightsOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts deleted file mode 100644 index 996a01b8049f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - EntityTimelineParameters, - EntitiesGetTimelineListOptionalParams, - EntitiesGetTimelineListResponse -} from "../models"; - -/** Interface representing a EntitiesGetTimeline. */ -export interface EntitiesGetTimeline { - /** - * Timeline for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an timeline operation on the given entity. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityTimelineParameters, - options?: EntitiesGetTimelineListOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts deleted file mode 100644 index 3c16852eab43..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Relation, EntitiesRelationsListOptionalParams } from "../models"; - -/// -/** Interface representing a EntitiesRelations. */ -export interface EntitiesRelations { - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): PagedAsyncIterableIterator; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts deleted file mode 100644 index 33ad4415d960..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityQueryUnion, - EntityQueriesListOptionalParams, - EntityQueriesGetOptionalParams, - EntityQueriesGetResponse, - CustomEntityQueryUnion, - EntityQueriesCreateOrUpdateOptionalParams, - EntityQueriesCreateOrUpdateResponse, - EntityQueriesDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a EntityQueries. */ -export interface EntityQueries { - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesGetOptionalParams - ): Promise; - /** - * Creates or updates the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param entityQuery The entity query we want to create or update - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - entityQuery: CustomEntityQueryUnion, - options?: EntityQueriesCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts deleted file mode 100644 index a3a023d1c5b8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityQueryTemplateUnion, - EntityQueryTemplatesListOptionalParams, - EntityQueryTemplatesGetOptionalParams, - EntityQueryTemplatesGetResponse -} from "../models"; - -/// -/** Interface representing a EntityQueryTemplates. */ -export interface EntityQueryTemplates { - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryTemplateId entity query template ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryTemplateId: string, - options?: EntityQueryTemplatesGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts deleted file mode 100644 index 5416a8543a30..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - EntityRelationsGetRelationOptionalParams, - EntityRelationsGetRelationResponse -} from "../models"; - -/** Interface representing a EntityRelations. */ -export interface EntityRelations { - /** - * Gets an entity relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param relationName Relation Name - * @param options The options parameters. - */ - getRelation( - resourceGroupName: string, - workspaceName: string, - entityId: string, - relationName: string, - options?: EntityRelationsGetRelationOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts deleted file mode 100644 index b6060c5c6e20..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; - -/** Interface representing a IPGeodata. */ -export interface IPGeodata { - /** - * Get geodata for a single IP address - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param ipAddress IP address (v4 or v6) to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - ipAddress: string, - options?: IPGeodataGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts index 3bce6e5213cf..adf5f15f732f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts @@ -9,12 +9,11 @@ import { PagedAsyncIterableIterator } from "@azure/core-paging"; import { IncidentComment, - IncidentCommentsListOptionalParams, + IncidentCommentsListByIncidentOptionalParams, IncidentCommentsGetOptionalParams, IncidentCommentsGetResponse, - IncidentCommentsCreateOrUpdateOptionalParams, - IncidentCommentsCreateOrUpdateResponse, - IncidentCommentsDeleteOptionalParams + IncidentCommentsCreateCommentOptionalParams, + IncidentCommentsCreateCommentResponse } from "../models"; /// @@ -22,20 +21,22 @@ import { export interface IncidentComments { /** * Gets all incident comments. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. */ - list( + listByIncident( resourceGroupName: string, workspaceName: string, incidentId: string, - options?: IncidentCommentsListOptionalParams + options?: IncidentCommentsListByIncidentOptionalParams ): PagedAsyncIterableIterator; /** * Gets an incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incidentCommentId Incident comment ID @@ -49,35 +50,21 @@ export interface IncidentComments { options?: IncidentCommentsGetOptionalParams ): Promise; /** - * Creates or updates the incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * Creates the incident comment. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incidentCommentId Incident comment ID * @param incidentComment The incident comment * @param options The options parameters. */ - createOrUpdate( + createComment( resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, - options?: IncidentCommentsCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the incident comment. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param incidentCommentId Incident comment ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - incidentCommentId: string, - options?: IncidentCommentsDeleteOptionalParams - ): Promise; + options?: IncidentCommentsCreateCommentOptionalParams + ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts deleted file mode 100644 index 6e4d50d7995e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Relation, - IncidentRelationsListOptionalParams, - IncidentRelationsGetOptionalParams, - IncidentRelationsGetResponse, - IncidentRelationsCreateOrUpdateOptionalParams, - IncidentRelationsCreateOrUpdateResponse, - IncidentRelationsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a IncidentRelations. */ -export interface IncidentRelations { - /** - * Gets all incident relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentRelationsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - options?: IncidentRelationsGetOptionalParams - ): Promise; - /** - * Creates or updates the incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - relation: Relation, - options?: IncidentRelationsCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the incident relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - relationName: string, - options?: IncidentRelationsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts index 472272b92f69..536ac7637070 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts @@ -14,16 +14,7 @@ import { IncidentsGetResponse, IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, - IncidentsDeleteOptionalParams, - TeamProperties, - IncidentsCreateTeamOptionalParams, - IncidentsCreateTeamResponse, - IncidentsListAlertsOptionalParams, - IncidentsListAlertsResponse, - IncidentsListBookmarksOptionalParams, - IncidentsListBookmarksResponse, - IncidentsListEntitiesOptionalParams, - IncidentsListEntitiesResponse + IncidentsDeleteOptionalParams } from "../models"; /// @@ -31,7 +22,8 @@ import { export interface Incidents { /** * Gets all incidents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. */ @@ -42,7 +34,8 @@ export interface Incidents { ): PagedAsyncIterableIterator; /** * Gets an incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. @@ -55,7 +48,8 @@ export interface Incidents { ): Promise; /** * Creates or updates the incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param incident The incident @@ -70,7 +64,8 @@ export interface Incidents { ): Promise; /** * Delete the incident. - * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param resourceGroupName The name of the resource group within the user's subscription. The name is + * case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID * @param options The options parameters. @@ -81,59 +76,4 @@ export interface Incidents { incidentId: string, options?: IncidentsDeleteOptionalParams ): Promise; - /** - * Creates a Microsoft team to investigate the incident by sharing information and insights between - * participants. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param teamProperties Team properties - * @param options The options parameters. - */ - createTeam( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - teamProperties: TeamProperties, - options?: IncidentsCreateTeamOptionalParams - ): Promise; - /** - * Gets all incident alerts. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listAlerts( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListAlertsOptionalParams - ): Promise; - /** - * Gets all incident bookmarks. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listBookmarks( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListBookmarksOptionalParams - ): Promise; - /** - * Gets all incident related entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param options The options parameters. - */ - listEntities( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - options?: IncidentsListEntitiesOptionalParams - ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 1cf716300f95..c7d791cc7714 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts @@ -9,32 +9,8 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; -export * from "./automationRules"; export * from "./bookmarks"; -export * from "./bookmarkRelations"; -export * from "./bookmarkOperations"; -export * from "./iPGeodata"; -export * from "./domainWhois"; -export * from "./entityQueries"; -export * from "./entities"; -export * from "./entitiesGetTimeline"; -export * from "./entitiesRelations"; -export * from "./entityRelations"; -export * from "./incidents"; -export * from "./incidentComments"; -export * from "./incidentRelations"; -export * from "./metadata"; -export * from "./sentinelOnboardingStates"; -export * from "./productSettings"; -export * from "./sourceControlOperations"; -export * from "./sourceControls"; -export * from "./watchlists"; -export * from "./watchlistItems"; export * from "./dataConnectors"; -export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; +export * from "./incidents"; +export * from "./incidentComments"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts deleted file mode 100644 index c0ea5a0cfd97..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - MetadataModel, - MetadataListOptionalParams, - MetadataGetOptionalParams, - MetadataGetResponse, - MetadataDeleteOptionalParams, - MetadataCreateOptionalParams, - MetadataCreateResponse, - MetadataPatch, - MetadataUpdateOptionalParams, - MetadataUpdateResponse -} from "../models"; - -/// -/** Interface representing a Metadata. */ -export interface Metadata { - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Get a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataGetOptionalParams - ): Promise; - /** - * Delete a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataDeleteOptionalParams - ): Promise; - /** - * Create a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadata Metadata resource. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadata: MetadataModel, - options?: MetadataCreateOptionalParams - ): Promise; - /** - * Update an existing Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadataPatch Partial metadata request. - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadataPatch: MetadataPatch, - options?: MetadataUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts deleted file mode 100644 index 6a5cdc6c10db..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - OfficeConsent, - OfficeConsentsListOptionalParams, - OfficeConsentsGetOptionalParams, - OfficeConsentsGetResponse, - OfficeConsentsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a OfficeConsents. */ -export interface OfficeConsents { - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsGetOptionalParams - ): Promise; - /** - * Delete the office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts deleted file mode 100644 index e88280b71695..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - ProductSettingsListOptionalParams, - ProductSettingsListResponse, - ProductSettingsGetOptionalParams, - ProductSettingsGetResponse, - ProductSettingsDeleteOptionalParams, - SettingsUnion, - ProductSettingsUpdateOptionalParams, - ProductSettingsUpdateResponse -} from "../models"; - -/** Interface representing a ProductSettings. */ -export interface ProductSettings { - /** - * List of all the settings - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ProductSettingsListOptionalParams - ): Promise; - /** - * Gets a setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsGetOptionalParams - ): Promise; - /** - * Delete setting of the product. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsDeleteOptionalParams - ): Promise; - /** - * Updates setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param settings The setting - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - settings: SettingsUnion, - options?: ProductSettingsUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts deleted file mode 100644 index 1c092cb668d2..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - SentinelOnboardingStatesGetOptionalParams, - SentinelOnboardingStatesGetResponse, - SentinelOnboardingStatesCreateOptionalParams, - SentinelOnboardingStatesCreateResponse, - SentinelOnboardingStatesDeleteOptionalParams, - SentinelOnboardingStatesListOptionalParams, - SentinelOnboardingStatesListResponse -} from "../models"; - -/** Interface representing a SentinelOnboardingStates. */ -export interface SentinelOnboardingStates { - /** - * Get Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesGetOptionalParams - ): Promise; - /** - * Create Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesCreateOptionalParams - ): Promise; - /** - * Delete Sentinel onboarding state - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sentinelOnboardingStateName: string, - options?: SentinelOnboardingStatesDeleteOptionalParams - ): Promise; - /** - * Gets all Sentinel onboarding states - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: SentinelOnboardingStatesListOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts deleted file mode 100644 index 75cb1cd61a83..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Repo, - RepoType, - SourceControlListRepositoriesOptionalParams -} from "../models"; - -/// -/** Interface representing a SourceControlOperations. */ -export interface SourceControlOperations { - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): PagedAsyncIterableIterator; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts deleted file mode 100644 index 2e675d5f49a7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - SourceControl, - SourceControlsListOptionalParams, - SourceControlsGetOptionalParams, - SourceControlsGetResponse, - SourceControlsDeleteOptionalParams, - SourceControlsCreateOptionalParams, - SourceControlsCreateResponse -} from "../models"; - -/// -/** Interface representing a SourceControls. */ -export interface SourceControls { - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a source control byt its identifier. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsGetOptionalParams - ): Promise; - /** - * Delete a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsDeleteOptionalParams - ): Promise; - /** - * Creates a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param sourceControl The SourceControl - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - sourceControl: SourceControl, - options?: SourceControlsCreateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts deleted file mode 100644 index 01d594102cda..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - ThreatIntelligenceInformationUnion, - ThreatIntelligenceFilteringCriteria, - ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams, - ThreatIntelligenceIndicatorModelForRequestBody, - ThreatIntelligenceIndicatorCreateIndicatorOptionalParams, - ThreatIntelligenceIndicatorCreateIndicatorResponse, - ThreatIntelligenceIndicatorGetOptionalParams, - ThreatIntelligenceIndicatorGetResponse, - ThreatIntelligenceIndicatorCreateOptionalParams, - ThreatIntelligenceIndicatorCreateResponse, - ThreatIntelligenceIndicatorDeleteOptionalParams, - ThreatIntelligenceAppendTags, - ThreatIntelligenceIndicatorAppendTagsOptionalParams, - ThreatIntelligenceIndicatorReplaceTagsOptionalParams, - ThreatIntelligenceIndicatorReplaceTagsResponse -} from "../models"; - -/// -/** Interface representing a ThreatIntelligenceIndicator. */ -export interface ThreatIntelligenceIndicator { - /** - * Query threat intelligence indicators as per filtering criteria. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence - * indicators. - * @param options The options parameters. - */ - listQueryIndicators( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, - options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams - ): PagedAsyncIterableIterator; - /** - * Create a new threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and - * update. - * @param options The options parameters. - */ - createIndicator( - resourceGroupName: string, - workspaceName: string, - threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams - ): Promise; - /** - * View a threat intelligence indicator by name. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - name: string, - options?: ThreatIntelligenceIndicatorGetOptionalParams - ): Promise; - /** - * Update a threat Intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and - * update. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorCreateOptionalParams - ): Promise; - /** - * Delete a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - name: string, - options?: ThreatIntelligenceIndicatorDeleteOptionalParams - ): Promise; - /** - * Append tags to a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceAppendTags The threat intelligence append tags request body - * @param options The options parameters. - */ - appendTags( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, - options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams - ): Promise; - /** - * Replace tags added to a threat intelligence indicator. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param name Threat intelligence indicator name field. - * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. - * @param options The options parameters. - */ - replaceTags( - resourceGroupName: string, - workspaceName: string, - name: string, - threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, - options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts deleted file mode 100644 index 980e0ccabd6f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - ThreatIntelligenceIndicatorMetricsListOptionalParams, - ThreatIntelligenceIndicatorMetricsListResponse -} from "../models"; - -/** Interface representing a ThreatIntelligenceIndicatorMetrics. */ -export interface ThreatIntelligenceIndicatorMetrics { - /** - * Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorMetricsListOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts deleted file mode 100644 index 0048743735b8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - ThreatIntelligenceInformationUnion, - ThreatIntelligenceIndicatorsListOptionalParams -} from "../models"; - -/// -/** Interface representing a ThreatIntelligenceIndicators. */ -export interface ThreatIntelligenceIndicators { - /** - * Get all threat intelligence indicators. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ThreatIntelligenceIndicatorsListOptionalParams - ): PagedAsyncIterableIterator; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts deleted file mode 100644 index d5713dbc41a7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - WatchlistItem, - WatchlistItemsListOptionalParams, - WatchlistItemsGetOptionalParams, - WatchlistItemsGetResponse, - WatchlistItemsDeleteOptionalParams, - WatchlistItemsCreateOrUpdateOptionalParams, - WatchlistItemsCreateOrUpdateResponse -} from "../models"; - -/// -/** Interface representing a WatchlistItems. */ -export interface WatchlistItems { - /** - * Gets all watchlist Items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistItemsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a watchlist, without its watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - options?: WatchlistItemsGetOptionalParams - ): Promise; - /** - * Delete a watchlist item. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - options?: WatchlistItemsDeleteOptionalParams - ): Promise; - /** - * Creates or updates a watchlist item. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) - * @param watchlistItem The watchlist item - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlistItemId: string, - watchlistItem: WatchlistItem, - options?: WatchlistItemsCreateOrUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts deleted file mode 100644 index 0a7dbb3ef8a0..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Watchlist, - WatchlistsListOptionalParams, - WatchlistsGetOptionalParams, - WatchlistsGetResponse, - WatchlistsDeleteOptionalParams, - WatchlistsCreateOrUpdateOptionalParams, - WatchlistsCreateOrUpdateResponse -} from "../models"; - -/// -/** Interface representing a Watchlists. */ -export interface Watchlists { - /** - * Gets all watchlists, without watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: WatchlistsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a watchlist, without its watchlist items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistsGetOptionalParams - ): Promise; - /** - * Delete a watchlist. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - options?: WatchlistsDeleteOptionalParams - ): Promise; - /** - * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its items, we should call this endpoint with rawContent and - * contentType properties. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlist The watchlist - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - watchlistAlias: string, - watchlist: Watchlist, - options?: WatchlistsCreateOrUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 957dd1d33970..ec5c8bfd7e0a 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts @@ -12,69 +12,21 @@ import { AlertRulesImpl, ActionsImpl, AlertRuleTemplatesImpl, - AutomationRulesImpl, BookmarksImpl, - BookmarkRelationsImpl, - BookmarkOperationsImpl, - IPGeodataImpl, - DomainWhoisImpl, - EntityQueriesImpl, - EntitiesImpl, - EntitiesGetTimelineImpl, - EntitiesRelationsImpl, - EntityRelationsImpl, - IncidentsImpl, - IncidentCommentsImpl, - IncidentRelationsImpl, - MetadataImpl, - SentinelOnboardingStatesImpl, - ProductSettingsImpl, - SourceControlOperationsImpl, - SourceControlsImpl, - WatchlistsImpl, - WatchlistItemsImpl, DataConnectorsImpl, - DataConnectorsCheckRequirementsOperationsImpl, - ThreatIntelligenceIndicatorImpl, - ThreatIntelligenceIndicatorsImpl, - ThreatIntelligenceIndicatorMetricsImpl, OperationsImpl, - OfficeConsentsImpl, - EntityQueryTemplatesImpl + IncidentsImpl, + IncidentCommentsImpl } from "./operations"; import { AlertRules, Actions, AlertRuleTemplates, - AutomationRules, Bookmarks, - BookmarkRelations, - BookmarkOperations, - IPGeodata, - DomainWhois, - EntityQueries, - Entities, - EntitiesGetTimeline, - EntitiesRelations, - EntityRelations, - Incidents, - IncidentComments, - IncidentRelations, - Metadata, - SentinelOnboardingStates, - ProductSettings, - SourceControlOperations, - SourceControls, - Watchlists, - WatchlistItems, DataConnectors, - DataConnectorsCheckRequirementsOperations, - ThreatIntelligenceIndicator, - ThreatIntelligenceIndicators, - ThreatIntelligenceIndicatorMetrics, Operations, - OfficeConsents, - EntityQueryTemplates + Incidents, + IncidentComments } from "./operationsInterfaces"; import { SecurityInsightsOptionalParams } from "./models"; @@ -86,7 +38,7 @@ export class SecurityInsights extends coreClient.ServiceClient { /** * Initializes a new instance of the SecurityInsights class. * @param credentials Subscription credentials which uniquely identify client subscription. - * @param subscriptionId The ID of the target subscription. + * @param subscriptionId Azure subscription ID * @param options The parameter options */ constructor( @@ -110,7 +62,7 @@ export class SecurityInsights extends coreClient.ServiceClient { credential: credentials }; - const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.1`; + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0`; const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` @@ -133,79 +85,23 @@ export class SecurityInsights extends coreClient.ServiceClient { // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2021-09-01-preview"; + this.apiVersion = options.apiVersion || "2020-01-01"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); - this.automationRules = new AutomationRulesImpl(this); this.bookmarks = new BookmarksImpl(this); - this.bookmarkRelations = new BookmarkRelationsImpl(this); - this.bookmarkOperations = new BookmarkOperationsImpl(this); - this.iPGeodata = new IPGeodataImpl(this); - this.domainWhois = new DomainWhoisImpl(this); - this.entityQueries = new EntityQueriesImpl(this); - this.entities = new EntitiesImpl(this); - this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); - this.entitiesRelations = new EntitiesRelationsImpl(this); - this.entityRelations = new EntityRelationsImpl(this); - this.incidents = new IncidentsImpl(this); - this.incidentComments = new IncidentCommentsImpl(this); - this.incidentRelations = new IncidentRelationsImpl(this); - this.metadata = new MetadataImpl(this); - this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); - this.productSettings = new ProductSettingsImpl(this); - this.sourceControlOperations = new SourceControlOperationsImpl(this); - this.sourceControls = new SourceControlsImpl(this); - this.watchlists = new WatchlistsImpl(this); - this.watchlistItems = new WatchlistItemsImpl(this); this.dataConnectors = new DataConnectorsImpl(this); - this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( - this - ); - this.threatIntelligenceIndicator = new ThreatIntelligenceIndicatorImpl( - this - ); - this.threatIntelligenceIndicators = new ThreatIntelligenceIndicatorsImpl( - this - ); - this.threatIntelligenceIndicatorMetrics = new ThreatIntelligenceIndicatorMetricsImpl( - this - ); this.operations = new OperationsImpl(this); - this.officeConsents = new OfficeConsentsImpl(this); - this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); + this.incidents = new IncidentsImpl(this); + this.incidentComments = new IncidentCommentsImpl(this); } alertRules: AlertRules; actions: Actions; alertRuleTemplates: AlertRuleTemplates; - automationRules: AutomationRules; bookmarks: Bookmarks; - bookmarkRelations: BookmarkRelations; - bookmarkOperations: BookmarkOperations; - iPGeodata: IPGeodata; - domainWhois: DomainWhois; - entityQueries: EntityQueries; - entities: Entities; - entitiesGetTimeline: EntitiesGetTimeline; - entitiesRelations: EntitiesRelations; - entityRelations: EntityRelations; - incidents: Incidents; - incidentComments: IncidentComments; - incidentRelations: IncidentRelations; - metadata: Metadata; - sentinelOnboardingStates: SentinelOnboardingStates; - productSettings: ProductSettings; - sourceControlOperations: SourceControlOperations; - sourceControls: SourceControls; - watchlists: Watchlists; - watchlistItems: WatchlistItems; dataConnectors: DataConnectors; - dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; - threatIntelligenceIndicator: ThreatIntelligenceIndicator; - threatIntelligenceIndicators: ThreatIntelligenceIndicators; - threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; operations: Operations; - officeConsents: OfficeConsents; - entityQueryTemplates: EntityQueryTemplates; + incidents: Incidents; + incidentComments: IncidentComments; } diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json index 6e3251194117..3e6ae96443f3 100644 --- a/sdk/securityinsight/arm-securityinsight/tsconfig.json +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -9,11 +9,19 @@ "esModuleInterop": true, "allowSyntheticDefaultImports": true, "forceConsistentCasingInFileNames": true, - "lib": ["es6", "dom"], + "lib": [ + "es6", + "dom" + ], "declaration": true, "outDir": "./dist-esm", "importHelpers": true }, - "include": ["./src/**/*.ts", "./test/**/*.ts"], - "exclude": ["node_modules"] -} + "include": [ + "./src/**/*.ts", + "./test/**/*.ts" + ], + "exclude": [ + "node_modules" + ] +} \ No newline at end of file